Re: [Fed-Talk] OS X 10.5.3 Safari crashes with DoD CAC?
Re: [Fed-Talk] OS X 10.5.3 Safari crashes with DoD CAC?
- Subject: Re: [Fed-Talk] OS X 10.5.3 Safari crashes with DoD CAC?
- From: Timothy J Miller <email@hidden>
- Date: Thu, 29 May 2008 10:53:34 -0500
The same "Keychain crashes when accessing ID preference using
smartcard" bug is still in 10.5.3. Which is freakin' annoying as
hell. The issue is with SecurityServer, which will impact...well,
everything.
David, Shawn-- Who do I have to bribe to get this fixed? Your
platform is rapidly becoming useless to me.
-- Tim
On May 29, 2008, at 7:49 AM, Richard Sperling wrote:
Same problem here with a OmniKey Cardman 3121 reader. Everything was
fine under 10.5.2. Time to use Pacifist to revert to 10.5.2.
On May 29, 2008, at 8:04 AM, Michael Kluskens wrote:
Under OS X 10.5.3 I've lost functionality, Keychain Access and OS X
Mail work with my DoD CAC card; however, Safari does not, I get
anything from no response <infosec.navy.mil> to a crash of Safari
with corruption of my login keychain <netgroup.nrl.navy.mil>. All
this worked fine from 10.3.x through all of 10.4 and up to 10.5.2
(The Apple bug number for this issue is #47225052 I believe if
anyone has the right access to check on the status of this).
Tested and verified on both PowerPC and Intel Macs, tested and
verified with a format and reinstall of 10.5.1 with all updates to
10.5.3 and no customizations, no third-party apps, and no usage of
Migration assistant.
Given that Keychain Access sees the card and that OS X Mail works
and Safari does not I doubt it's my card reader but in any case I'm
using a GEMPLUS DoD CAC and a SCM SCR33x USB Smart Card Reader with
Firmware 05.18.
The ActivCard reader which we flashed was supplied by our security
people, if we have to go out and buy other card readers it won't
look good for Apple at this location, a couple thousand dollars to
make OS X work with the DoD CAC (estimate 200 users here with $20
per reader).
And of course the Orthebur CAC cards don't work at all under 10.5.3
with the SCR33x card reader, funny no word on why that can not be
fixed in OS X--legal issues with drivers from SCM? Unfortunately
now I have three users who have to find a PC to do their work and
the number is growing monthly.
The following is any interesting take on the which certificate
problem:
CFNetwork
CVE-ID: CVE-2008-1580
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An information disclosure issue exists in Safari's SSL
client certificate handling. When a web server issues a client
certificate request, the first client certificate found in the
keychain is automatically sent, which may lead to the disclosure of
the information contained in the certificate. This update addresses
the issue by prompting the user before sending the certificate.
Regarding the Orthebur CAC and SCM SCR readers.
On Feb 29, 2008, at 9:22 AM, Shawn A. Geddis wrote:
There is currently (10.5.0-10.5.2) a very specific issue between
some of the newer Smart Cards (T=1 / Block Transfer) with very
specific Smart Card Readers (SCM SCR 331, 531, 3310, 3311).
Combination with a different reader or a different card work as
expected.
* There are many *different* CACs issued
* There are many *different* Smart Card Readers available.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden