Re: [Fed-Talk] PIV-II usage on Macs
- Subject: Re: [Fed-Talk] PIV-II usage on Macs
- From: Paul Nelson <email@hidden>
- Date: Fri, 13 Feb 2009 10:15:33 -0600
- Thread-topic: [Fed-Talk] PIV-II usage on Macs
> From: "Miller, Timothy J." <email@hidden>
> On 2/12/09 7:20 PM, "Paul Nelson" <email@hidden> wrote:
>
>> There are many other issues that you will encounter once you have gotten
>> your first login to work using a smartcard. Here are some things to keep in
>> mind:
>
>> 1) Configuring certificates in the GAL so other users can send you encrypted
>> e-mail. You'll want to be able to do this without needing a PC!
>
> That's not all that hard. Stuff the DER-encoded encryption cert into
> userCertificate, delete userSMIMECertificate, and make sure you push an
> Office GPO that includes minimum encryption setting of 168 (this locks out
> weak algorithms for S/MIME). Could do it with a script. :)
If you are doing this from a PC script, where did you get the user's
certificate? If you are doing it from a Mac, are you going to use dscl in a
script? This may not be that big a deal, but it is not something you get by
default.
>
>> 6) Rights elevation (like the Windows runas or Apple's sudo) with only a
>> smartcard (no password)
>
> Doesn't this work already?
It works for GUI-based stuff (clicking on padlocks for example), but not for
command line administration.
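
The directory change quoted above (DER-encoded certificate into userCertificate, userSMIMECertificate removed), sketched as an added example that is not part of the original message or either poster's script. It builds an LDIF modify record for an LDAP client such as ldapmodify and rejects input that is not a single DER object, which catches a PEM file being published by mistake. The DN and the sample bytes are constructed placeholders, and it assumes the certificate file has already been obtained.

```python
import base64

def der_total_length(der: bytes) -> int:
    """Size in bytes of the outer DER SEQUENCE (header + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("outer tag is not SEQUENCE; is this PEM rather than DER?")
    first = der[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def fold(line: str, width: int = 76) -> str:
    """Fold an LDIF line (RFC 2849): continuation lines begin with one space."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def cert_publish_ldif(dn: str, der: bytes) -> str:
    """LDIF that sets userCertificate to `der` and clears userSMIMECertificate."""
    if not dn.isascii() or dn[:1] in ("", " ", ":", "<"):
        raise ValueError("DN needs base64 LDIF encoding; not handled in this example")
    if der_total_length(der) != len(der):
        raise ValueError("truncated certificate or trailing bytes")
    b64 = base64.b64encode(der).decode("ascii")
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "replace: userCertificate",
        fold(f"userCertificate:: {b64}"),
        "-",
        # A replace with no values removes the attribute and, unlike
        # "delete:", does not fail when the attribute is already absent.
        "replace: userSMIMECertificate",
        "-",
    ]) + "\n"

# Constructed placeholder: valid outer DER framing only, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_DN = "CN=Example User,OU=People,DC=example,DC=gov"   # hypothetical DN

if __name__ == "__main__":
    print(cert_publish_ldif(SAMPLE_DN, SAMPLE_DER), end="")
```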