Re: [Fed-Talk] Government / Military Mac users get PIV single sign-on from Thursby (UNCLASSIFIED)
Re: [Fed-Talk] Government / Military Mac users get PIV single sign-on from Thursby (UNCLASSIFIED)
- Subject: Re: [Fed-Talk] Government / Military Mac users get PIV single sign-on from Thursby (UNCLASSIFIED)
- From: "Miller, Timothy J." <email@hidden>
- Date: Thu, 4 Jun 2009 16:45:25 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Government / Military Mac users get PIV single sign-on from Thursby (UNCLASSIFIED)
On 6/4/09 12:59 PM, "Gillett, Thomas J. (CMS/CTR)"
<email@hidden> wrote:
> Yes , We had to set up a certificate server in our domain and issue
> certificates to our domain controllers -- I am omitting that part of the
> story. Yes , we dont want to use local accounts. So we would have to use
> AdmitMAC or centrify to take the place of the "middleware" in osx which, for
> the windows PC's is Activclient.
Not quite. ADmitMac and Centrify play the role of Winlogon (among other
things), not middleware.
Smartcard middleware enables communication between the card and the host
operating system; this is built-in on OS X for CAC, PIV, BELPIC, and JPKI
tokens.
What ADmitMac and Centrify do that's smartcard-related is enable Kerberos
PKINIT authentication, *not* enable communication with the card.
-- Tim
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden