Consultant:
I understand that Mac OS X supports
military CAC. I am having trouble using my CAC and a SCR331 USB card reader
(which has been flashed to the most current FW of 5.25—should I
reflash it down to 5.18?) from home. Please advise and assist.
I use a PowerBook (Pismo) with a G4
processor (550 MHz) running Mac OS 10.4.11 with all the latest updates.
BTW, I also installed some SCM drivers downloaded from the SCM site…how
do I uninstall them (or delete them) if I need to do that? I understand that OS
10.4.+ was suppose to already have some CCID compliant drivers and I wonder if
the SCM drivers deleted them while installing their own…?! At any rate,
below is the info on what I have tried thus far…
When I query the system profiler, it
correctly reveals that the SCR331 card reader is attached to one of the two USB
ports. The green light on the card reader remains green. When I insert my CAC
card, it still remains green and does NOT blink…
I know that the card reader works
because if I take it over to my PC, it reads my CAC just fine and I can read my
USAF email, etc., etc., but no such love from the Mac?! A colleague mentioned
that they had to install OS X 10.4, plug in the card reader and configure, and
then install the updates to 10.4.11?! Do I really need to do this?!?!?
Here is what done. I have a SCM
Microsystems SCR331 USB Smart Card Reader flashed with the latest
firmware (5.25) downloaded from SCM Microsystems. I have also installed their
drivers which are purportedly both MacOS X 10.4 and 10.5 compliant:
SCR331/SCR531 CCID USB - MacOS X Driver/Installer
|
Installer:
|
Name
|
scmccid_5.0.8_CTAPI_Installer
|
Download
|
scmccid_5.0.8_mac.zip Download
File
|
Version
|
V5.0.8
|
File size
|
0.14
MBytes
|
Language
|
German,
English
|
Operating systems
|
MacOS
X
|
Note
|
This
is the MacOS X installer for the scmccid driver v5.0.8.
The driver supports MacOS X 10.5/Mac OS X 10.4
The setup also includes support for CT-API.
|
|
I have followed the instructions, below, all to no avail:
Add the DOD
Intermediate CAs to the Keychain
These steps are performed on a Mac
with OS X 10.4.3 or better.
a) Logon to the Mac with your
normal user ID.
b) Launch Keychain Access (Go | Utilities | Keychain Access).
c) Select Edit | Keychain List.
d) Under Show, select: Mac OS X (System).
e) Check "Shared"
checkbox for X509Certificates
(/System/Library/Keychains)
f) Click OK.
g) Close Keychain Access.
Delete old
Keychain Certificates and CAC cache (Optional):
If your CAC card has changed in
any way (new email address, name change, etc)
from the time you first used it on
a specific system, you may have to clear out the
cached CAC credentials and
certificates.
Step 1: Remove Cached CAC
credentials
a) Open a Terminal Session (Go | Utilities | Terminal)
b) Type: cd
/private/var/db/TokenCache and press <Enter>.
c) Type: sudo
mv tokens tokens-old and press <Enter>.
d) Type: sudo
mkdir tokens and press <Enter>.
e) Type: sudo chmod 711 tokens and
press <Enter>.
Step
2: Remove old Certificates
a)
Launch Keychain Access (Go | Utilities |
Keychain Access)
b)
Click on Certificates.
c)
Use Edit | Delete to remove
certificates with your name (Last.First.MI.xxx)
d)
Close Keychain Access.
Technical
Report NPS-CS-06-009
The
Center for Information Systems Security Studies and Research 8
Return
to Top
Copy new Certificates from CAC to Login Keychain:
You
must copy your CAC credentials from the CAC card to the login (default)
keychain.
a) Insert
your USB CAC reader into the system
b)
Launch Keychain Access (Go | Utilities |
Keychain Access)
c)
Click on Show Keychains.
d)
Insert your CAC into the reader.
I am
unable to complete the remainder of the instructions, below, because my CAC
card does NOT show up in the key chain:
Note
that a new entry appears (smart card #x).
e)
Click on the smart card #x keychain.
f)
Select the certificates with your name (Last.First.MI.xxxxxxx) and click on Edit
| Copy.
g)
Click on the login (default) keychain and click on Edit |
Paste.
h) Close Keychain
Access.
I have tried everything available on the internet to include
the following links:
http://www.army.mil/AKO/info/guides/CACconfig/setup/index.html
http://cisr.nps.navy.mil/downloads/nps_cs_06_009.pdf
The installed (and subsequently uninstalled) the program
AdmitMAc for CAC by Thursby and that didn’t help, either?!
HELP!!!!
Thanks in advance for your time and patience in addressing
my inquiry.
~Eric
//SIGNED//
Eric C. Burdge, MD,
PhD, Major, USAF, MC
General
Surgeon
81st
MSGS/SGCQ
Keesler AFB, Mississippi
(Commercial: 228.376.3825
7Commercial: 228.376.0134
* *
* * This electronic
transmission may contain FOR OFFICIAL USE ONLY (FOUO) information which must be
protected under the Privacy Act and AFI 33-332, or may contain information
covered under the Privacy Act, 5 USC 552(a), Health Insurance Portability and
Accountability Act, Public Law 104-191, and DoD Directive 6025.18. It must
be protected in accordance with those provisions.
It may also contain
personal medical information protected by the Privacy Act of 1974 (see AFI
33-332) and the Health Insurance Portability and Accountability Act (HIPAA)
(see DoD 6025.18-R) not intended for disclosure outside government channels and
exempt from mandatory disclosure under the Freedom of Information Act, 5
U.S.C., 552. Exemption 6 may apply. Do not release outside of DoD
channels without the consent of the originator’s office. If you
received this message in error, please notify the sender by reply e-mail and
delete all copies of message. * * * *