• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] Keychain Access and "Search Directory Services for Certificates"?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] Keychain Access and "Search Directory Services for Certificates"?

  • Subject: Re: [Fed-Talk] Keychain Access and "Search Directory Services for Certificates"?
  • From: "Levine, Jason (NIH/NCI) [E]" <email@hidden>
  • Date: Thu, 2 Oct 2008 15:30:49 -0400
  • Thread-topic: [Fed-Talk] Keychain Access and "Search Directory Services for Certificates"?
Title: Re: [Fed-Talk] Keychain Access and "Search Directory Services for Certificates"?
Agreed — what I, and my NIH colleagues, don’t understand is if that wiring is to be done at our end or at Apple’s.  As far as we can tell, setting up our AD server as an LDAP directory service causes Keychain Access to query it — but we have no clue what attributes it’s looking for.  And whatever it’s doing, it’s not receiving replies that tell it that there are valid certs attached to the return objects, even though the userCertificate and userSMIMECertificate attributes are returned attached to those objects.

So is this something that we can fix at our end, or is this a bug/flaw/missing piece in the architecture of Keychain Access querying directory services for certs?  (And I have to ask: are there any directory services that Keychain Access can successfully query?  I’m excluding .Mac here, since that service is governed by its own preference check box — I’m talking about directory services that are included by virtue of the “Search Directory Services for Certificates” checkbox being selected.)

Jason



On 10/2/08 3:26 PM, "Joel Rennich" <email@hidden> wrote:



On Oct 2, 2008, at 12:19 PM, Levine, Jason (NIH/NCI) [E] wrote:

> Any thoughts?  Is there *any* documentation available about this?

Currently there needs to be some work done under the covers to wire up
the remaining bits, as you've seen.

An ideal goal here is to have this work in a similar fashion to how
the .Mac keychain works. You enable .Mac searching in the preferences,
just above the check box to enable directory services. Once done, you
can look up .Mac/MobileMe users and find their certificates. This is
also done automatically by applications like iChat that can get a
certificate for a user that you've never had any previous contact with.

Joel

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: [Fed-Talk] Keychain Access and "Search Directory Services for Certificates"?
      • From: Shawn A.Geddis <email@hidden>
References: 
 >Re: [Fed-Talk] Keychain Access and "Search Directory Services for Certificates"? (From: Joel Rennich <email@hidden>)

  • Prev by Date: Re: [Fed-Talk] Keychain Access and "Search Directory Services for Certificates"?
  • Next by Date: Re: [Fed-Talk] MAPI vs IMAP Security Comparison Hunt
  • Previous by thread: Re: [Fed-Talk] Keychain Access and "Search Directory Services for Certificates"?
  • Next by thread: Re: [Fed-Talk] Keychain Access and "Search Directory Services for Certificates"?
  • Index(es):
    • Date
    • Thread