Re: [Fed-Talk] CAC on Mac OS X (Leopard)
Re: [Fed-Talk] CAC on Mac OS X (Leopard)
- Subject: Re: [Fed-Talk] CAC on Mac OS X (Leopard)
- From: Paul Nelson <email@hidden>
- Date: Mon, 23 Feb 2009 12:18:53 -0600
- Thread-topic: [Fed-Talk] CAC on Mac OS X (Leopard)
Title: Re: [Fed-Talk] CAC on Mac OS X (Leopard)
If you had Thursby’s ADmitMac for CAC installed under 10.5.5 AND you have an SCR 331 reader with firmware version less than 5.25 your setup probably worked fine with 10.5.5 or earlier because Thursby installed an updated CCID Driver bundle
After upgrading to 10.5.6, Apple’s installer deletes the Thursby CCID driver bundle. The newer software from Apple only supports the latest firmware, version 5.25, and your reader no longer works.
Two workarounds:
a) Update the firmware on the reader using the directions supplied by Shawn in an earlier post. You will need Windows XP to do this since the firmware update is not available for Windows 2003. This is the preferred method.
b) You can back out the changes made by Apple. First, run the ADmitMac installer again. Now make sure you have /usr/libexec/SmartCardServices/drivers/CCIDClassDriver.bundle. Next, back up the /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle and remove it from the drivers folder. Unplug all card readers and reboot. Try the reader now.
Paul Nelson
Thursby Software Systems, Inc.
From: "Shawn A. Geddis" <email@hidden>
Date: Sun, 22 Feb 2009 10:06:26 -0500
To: Jeffrey Wadsworth <email@hidden>
Cc: Apple Fed Talk <email@hidden>
Subject: Re: [Fed-Talk] CAC on Mac OS X (Leopard)
On Feb 21, 2009, at 3:12 PM, Jeffrey Wadsworth wrote:
Hello, I have leopard running on an iMac (PPC) and a MacBook Pro. Both had tiger installed prior to Leopard. The iMac for a much longer time, the macbook was upgraded from tiger right after I opened the box.
My CAC card is recognized by my iMac. My MacBook recognized my CAC ONCE immediately after updating the firmware on the reader. After a restart, it no longer populated my key chain with a CAC key.
Any suggestions on how to get my MacBook to recognize my CAC?
I am in the AF and would like to use OWA. The problem is getting the right identity preference, the OWA wants the email certificate. In windows when prompted, the activcard software gives two options, Email or not email. In the keychain, there are 2 email certs, signing and encryption, which one is supposed to be used?
I seems like most of the users on the list are Army or Navy. My situation is entirely with AF websites, any help would be greatly appreciated!
-Jeff Wadsworth
Jeff,
Which Smart Card Reader ? (Verify with System Profiler)
Which Smart Card ?
Which Mac OS X version ?
DId you install any third-party driver or software related to Smart Cards ?
I previously sent several very detailed email messages to the list on various topics which would help you here, check the archives as well. The Date sent and the Subjects in reverse chronological order were:
Dec 17 Clarification on Safari/Certs change with Mac OS X 10.5.3 and beyond
Dec 17 SCSU v1.2 ==> Mac OS X 10.5.6!
Sept 19 [UPDATE] Smart Card Services Update v1.2 (Universal) Now Available!
Sept 11 [NOTICE] Mac OS X 10.5.5 will still require installation of "Smart Card Services Update"
July 7 [Discussion] (4) Support Smart Card "Types" on Mac OS X 10.5
July 7 [Discussion] (3) Enabling Intermediate CA Certificates - SystemCACertificates
July 2 [Discussion] (2) Card recognized, but I cannot access PKI protected Websites
July 2 [Discussion] (1) Reader and/or Card not recognized by Mac OS X 10.5
July 2 [Discussion] 10.5.x/Smart Card/Safari Issues
Also for those who may have missed my previous announcement, I am now administrating the SmartCardServices project via MacOSForge.org <http://MacOSForge.org> site -- http://smartcardservices.macosforge.org/
That site is for Developers and Users alike
- Shawn
_____________________________________________________
Shawn Geddis - Security Consulting Engineer - Apple Enterprise
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden