The CAC does show at the top of the Keychain
list, and comes and goes according to whether the card is in the reader (appropriately).
Even though the Keychain part was correct,
I tried the rest of the steps with the following results:
7/9/08 3:33:19 PM
com.apple.SecurityServer[19] src/CCIDDriver/specific/MacOSX/tools_mosx.c (63):
Bundle InfoDic error: ifdReadTimeOut not found
7/9/08 3:33:19 PM
com.apple.SecurityServer[19] src/CCIDDriver/USB/MacOSX/usbserial_mosx.c (1061):
Captured device manufacturer is SCM Microsystems Inc.
7/9/08 3:33:19 PM
com.apple.SecurityServer[19] src/CCIDDriver/USB/MacOSX/usbserial_mosx.c (1061):
Captured device product name is SCRx31 USB Smart Card Reader
7/9/08 3:33:19 PM com.apple.SecurityServer[19]
src/CCIDDriver/USB/MacOSX/usbserial_mosx.c (1061): Captured device serial
number is 21120739G12849
7/9/08 3:33:19 PM
com.apple.SecurityServer[19] Token reader CCID Smart Card Reader 00 00 inserted
into system
7/9/08 3:35:37 PM com.apple.SecurityServer[19]
reader CCID Smart Card Reader 00 00 inserted token "CAC-****-****-****-****-****"
(CAC-****-****-****-****-****) subservice 2 using driver com.apple.tokend.cac
The splats in the last entry replaced the CAC
ID in hex.
The error you told me to expect in step 10
was not there. These are all of the log entries from the time I inserted the CAC
reader to the end. I now understand how the other people knew that OS X was
recognizing their CAC.
It sounds like Mr Lewis and I are at the same
point. Now what?
Appreciating the guidance, but still lost.
Bill Frame (CTR)
Joint Program Executive Office for
Chemical and Biological Defense
Software Support Activity, San
Diego, CA
Senior Systems Engineer
Desk: 619.553.0799 Fax: 619.553.6902
Cell: 619.992.8983
email@hidden
From: Paul Nelson
[mailto:email@hidden]
Sent: Wednesday, July 09, 2008
1:16 PM
To: Bill Frame; Apple Fed Talk
Subject: Re: [Fed-Talk] How to
setup CAC authentication in Safari
Bill,
I think you would be helped out a lot if you had the Army golden master for
your Mac. It should take care of making sure your CAC works properly.
You would still have the various problems connecting to web sites
however.
Here are some simple steps to see if the CAC is working with the card reader.
- Remove the CAC from the reader
- Launch the Keychain Access utility (in
Applications / Utilities)
- In the extreme lower left corner of the
window, you will see a button with a triangle in it. Click this
button so the triangle points UP. This will change your window so it
displays a list of keychains
- With the list of keychains showing on the left
side of the window, insert your CAC and wait a few seconds. You
should see a new item appear at the top of the list. The new item
will have a name starting with the letters CAC.
If NO item appears in the window, follow these troubleshooting steps:
- Unplug the smartcard reader, remove the CAC
from the reader
- Reboot the Mac
- Launch the Console utility (in Applications /
Utilities).
- Make sure the Console window says “All
Messages” at the top. If it does NOT say “All
Messages”, then choose “Open Quickly” then “LOG
DATABASE QUERIES” then “All Messages” from the File menu.
- Watch the Console window (it should say
“All Messages” at the top) and connect your card reader.
You should see messages identifying the card reader. If you
don’t, your card reader may not be working, or may need to be
flashed with newer firmware. Check the manufacturers site for
information about firmware.
- If the card reader messages appear in the
console window, insert your CAC into the reader. You should see
messages indicating that a card was inserted. You may see some error
messages too.
- Launch the Activity Monitor utility (in
Applications / Utilities). Choose “Activity Monitor”
from the Window menu.
- In the Activity Monitor window, click on the
Process ID column until you see a triangle pointing down. You want
to see process ids sorted with the largest number first.
- You should see a process named CAC in the
list. If not, your card reader and CAC combination is not supported
by the OS. You may have to try a different kind of card reader.
If you have Thursby’s AFC product installed, you will see a
process named AMSmartCard appear instead of “CAC”.
- If you do not see the CAC process, look at the
Console window (All Messages). If you see an error message with
“Protocol
type of card (T=1) not supported by this driver for this type of reader
(TPDU)” you are experiencing a known problem with
Leopard. Shawn Geddis posted a link to an installer that may fix
this particular issue.