Re: [Fed-Talk] Identity Preference Tool for 10.4.x
- Subject: Re: [Fed-Talk] Identity Preference Tool for 10.4.x
- From: "Shawn A. Geddis" <email@hidden>
- Date: Tue, 27 Jan 2009 07:04:23 -0800
Arendt,
I provided you the tool off-list. It replicates the process (for
10.4.x) that is available via Keychain Access in 10.5.x.
Also, you can view the message I sent to the list (via the archives)
regarding the proper setting of Identity Preference information.
- Shawn
_____________________________________________________
Shawn Geddis - Security Consulting Engineer - Apple Enterprise
On Jan 26, 2009, at 8:32 PM, Arendt Christopher D 1st Lt AFIT/ENS wrote:
All,
If that 10.4.x manual Identity Preferences tool is out there
somewhere, I'd still like it.
In the meantime, I've developed a (complicated) work-around:
1. Use well-behaved secure server to generate automatic Identity
Preference for CAC certificate (I used the AFPC secure site).
2. Duplicate login.keychain in ~/Library/Keychains that contains
newly generated automatic Identity Preference for CAC certificate.
3. Open the duplicate copy of login.keychain in Keychain Access.
4. In Keychain Access, edit the URL of the duplicate login
keychain's version of the automatically generated Identity Preference.
5. Drag (add) the edited version of the Identity Preference to the
original login keychain.
The devil is in the details. You may need to generate a couple
duplicates of the original login.keychain.
For my uses, I had to generate two (2) copies of the auto-generated
Identity Preference for each secure server I wanted to visit:
The first copy, I edited the Identity Preference URL to https://secure.server.address
The next copy, I edited the Identity Preference URL to https://secure.server.address/
For some reason, for the sites I wanted, I needed both versions of
the Identity Preference.
Or, at least, this was the method with which I could re-create my
success.
Once completed, I'll post this work-around on my idisk:
http://idisk.mac.com/captarendt/Public?view=web
Good luck!
-Christopher D. Arendt, Capt, USAF
Master's Student
Air Force Institute of Technology
-----Original Message-----
From: fed-talk-bounces+christopher.arendt=email@hidden
on behalf of Arendt Christopher D 1st Lt AFIT/ENS
Sent: Sun 1/25/2009 10:28 PM
To: email@hidden
Subject: [Fed-Talk] Identity Preference Tool for 10.4.x
The Air Force Institute of Technology is moving to a CAC-only log-in
system, and I'm developing some tools and procedures to get our Mac
users compliant with this new system.
I've managed to get compliance on all Macs running 10.5.x, but for
Macs running 10.4.x, we need to be able to create some Identity
Preferences for our web-based Cisco ASA VPN sites.
I read in the message below that Shawn Geddis has a tool for
manually creating Identity Preferences in 10.4.x:
http://lists.apple.com/archives/Fed-talk/2007/Nov/msg00045.html
Does anyone know how I can get a copy of that tool?
Thank you.
-Christopher D. Arendt, Capt, USAF
Air Force Institute of Technology
Wright-Patterson Air Force Base