Bill Frame (CTR)
Joint Program Executive Office for
Chemical and Biological Defense
Software Support Activity, San
Diego, CA
Senior Systems Engineer
Desk: 619.553.0799 Fax: 619.553.6902
Cell: 619.992.8983
email@hidden
From: Paul Nelson [mailto:email@hidden]
Sent: Wednesday, July 09, 2008 1:16 PM
To: Bill Frame; Apple Fed Talk
Subject: Re: [Fed-Talk] How to setup CAC authentication in Safari
Bill,
I think you would be helped out a lot if you had the Army golden master for
your Mac. It should take care of making sure your CAC works properly.
You would still have the various problems connecting to web sites however.
Here are some simple steps to see if the CAC is working with the card reader.
- Remove the CAC from the reader
- Launch the Keychain Access utility (in Applications / Utilities)
- In the extreme lower left corner of the window, you will see a button with a triangle in it. Click this button so the triangle points UP. This will change your window so it displays a list of keychains
- With the list of keychains showing on the left side of the window, insert your CAC and wait a few seconds. You should see a new item appear at the top of the list. The new item will have a name starting with the letters CAC.
If NO item appears in the window, follow these troubleshooting steps:
- Unplug the smartcard reader, remove the CAC from the reader
- Reboot the Mac
- Launch the Console utility (in Applications / Utilities).
- Make sure the Console window says “All Messages” at the top. If it does NOT say “All Messages”, then choose “Open Quickly” then “LOG DATABASE QUERIES” then “All Messages” from the File menu.
- Watch the Console window (it should say “All Messages” at the top) and connect your card reader. You should see messages identifying the card reader. If you don’t, your card reader may not be working, or may need to be flashed with newer firmware. Check the manufacturer’s site for information about firmware.
- If the card reader messages appear in the console window, insert your CAC into the reader. You should see messages indicating that a card was inserted. You may see some error messages too.
- Launch the Activity Monitor utility (in Applications / Utilities). Choose “Activity Monitor” from the Window menu.
- In the Activity Monitor window, click on the Process ID column until you see a triangle pointing down. You want to see process ids sorted with the largest number first.
- You should see a process named CAC in the list. If not, your card reader and CAC combination is not supported by the OS. You may have to try a different kind of card reader. If you have Thursby’s AFC product installed, you will see a process named AMSmartCard appear instead of “CAC”.
- If you do not see the CAC process, look at the Console window (All Messages). If you see an error message with “Protocol type of card (T=1) not supported by this driver for this type of reader (TPDU)” you are experiencing a known problem with Leopard. Shawn Geddis posted a link to an installer that may fix this particular issue.
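
Added example (not part of the message above, and not Apple's or Thursby's code): the last two checks in the list, done from saved text instead of by eye. It assumes the process list was saved with `ps -axco command` and the Console "All Messages" text was saved to a file; the function names, result strings and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted version of the last two checks in the list above.
# $1: file with one process name per line (saved from: ps -axco command)
# $2: file with the Console "All Messages" text saved after inserting the CAC

# Error text exactly as quoted in the message above.
T1_ERR='Protocol type of card (T=1) not supported by this driver for this type of reader (TPDU)'

cac_triage() {
    procs=$1
    log=$2
    # -x matches the whole line, so a longer name containing "CAC" is not counted.
    if grep -qx 'CAC' "$procs"; then
        echo 'ok: CAC process is running'
    elif grep -qx 'AMSmartCard' "$procs"; then
        echo 'ok: AMSmartCard process is running'
    elif grep -qF "$T1_ERR" "$log"; then
        echo 'known issue: T=1/TPDU driver error'
    else
        echo 'unsupported: no CAC process, try a different card reader'
    fi
}

# Constructed sample captures (not real output) so the function runs offline.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'COMMAND\nlaunchd\nActivity Monitor\nConsole\n' > "$dir/procs"
    printf 'Jul  9 13:20:01 mac example[100]: card inserted\n' > "$dir/log"
    printf 'Jul  9 13:20:02 mac example[100]: %s\n' "$T1_ERR" >> "$dir/log"
    cac_triage "$dir/procs" "$dir/log"
    rm -rf "$dir"
}

demo
```
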
From: Bill Frame <email@hidden>
Date: Wed, 9 Jul 2008 10:59:10 -0700
To: Apple Fed Talk <email@hidden>
Subject: Re: [Fed-Talk] How to setup CAC authentication in Safari
Unfortunately, there seems to be a problem with participants of this
list operating at the extremes of competence on the OS X system administration.
I’ve owned a Mac for nearly 3 months, so I’m obviously at the
bottom end.
Since I didn’t try to use the CAC until June, I started with 10.5.3, so
10.5.3’s changes didn’t apply to my situation. 10.5.4 did solve
some issues that it wasn’t supposed to, but the CAC recognition problem
is still there.
Some people are talking about how the CAC is recognized by the machine, but not
by the target web site. How do they know? Someone mentioned the CAC certs
showing in the Keychain, but mine show there when the CAC is not attached. When
I go to AKO or the Navy PKI site, they obviously do not see the CAC.
Another thing was setting the system log to record website URLs:
http://lists.apple.com/archives/Fed-talk/2008/Jul/msg00024.html
The “troubleshooting” section probably has some incredibly useful
information, but it leaves out most of the steps involved. The commands to do
this don’t help a lot if you’re not familiar with how to do command
line in OS X. I haven’t done Unix command line since the early 90s, so
I’m not up on what is safe and what isn’t, or whether there are
intermediate steps after bringing up the Terminal.
http://www.apple.com/itpro/federal/
has a lot of marketing stuff, but I’m not finding anything that says
“this is what you need to do, and look here if it doesn’t work”.
I would love to walk away from Windows. The reason I have the Mac is because I
spent 3 days fixing a .net framework issue on XP. But I can set up an XP box to
access the sites requiring a CA
I know how frustrating it can be doing detailed instructions for newbies, but
that’s where some of us are. Anybody up to the challenge?