Re: [Fed-Talk] Cac not being read correctly
- Subject: Re: [Fed-Talk] Cac not being read correctly
- From: Paul Nelson <email@hidden>
- Date: Fri, 27 Mar 2009 12:16:58 -0500
- Thread-topic: [Fed-Talk] Cac not being read correctly
Why not just remove all the caches? It's not that much work for the system
to rebuild them.

Also, you can't use 'sudo' and a wildcard for the tokens folder since the
user shell doesn't have permissions to look in there.

    sudo /bin/sh -c "rm -rf /var/db/TokenCache/tokens/*"

should do the trick since it starts a new shell to expand a wildcard.

Paul Nelson
Thursby Software Systems, Inc.
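
The cleanup discussed in this thread, as an added example that is not part of the original post or of any Apple or Thursby tooling: it lists the per-card directories under the token cache and removes only the one for a given card, instead of wiping everything. The function names, the TOKEN_ROOT override and the DRY_RUN switch are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: list and clear per-card tokend cache directories.
# Run the whole script under sudo so the glob below is expanded by a root
# shell; an unprivileged shell cannot read the tokens folder to expand it.
# TOKEN_ROOT is the path from the thread; override it to try a scratch copy.
TOKEN_ROOT="${TOKEN_ROOT:-/var/db/TokenCache/tokens}"

# Print one "tokend-id<TAB>card-id" line per cached card directory.
list_cached_cards() {
    for entry in "$TOKEN_ROOT"/*; do
        [ -d "$entry" ] && [ ! -L "$entry" ] || continue
        name=${entry##*/}
        case "$name" in
            *:*) printf '%s\t%s\n' "${name%%:*}" "${name#*:}" ;;
        esac
    done
}

# Remove the cache of one card id only and print how many directories went.
# DRY_RUN=1 (hypothetical switch) reports on stderr without deleting.
clear_card_cache() {
    card_id=$1
    removed=0
    case "$card_id" in
        ''|.|..|*/*|*'*'*) echo "refusing card id: '$card_id'" >&2; return 2 ;;
    esac
    for entry in "$TOKEN_ROOT"/*:"$card_id"; do
        # An unmatched or unreadable glob stays literal, so test for a real,
        # non-symlink directory before touching anything.
        [ -d "$entry" ] && [ ! -L "$entry" ] || continue
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would remove $entry" >&2
        else
            rm -rf -- "$entry"
        fi
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Stand-alone use: "script list" or "script clear CARD-ID".
case "${1:-}" in
    list)  list_cached_cards ;;
    clear) clear_card_cache "${2:-}" ;;
esac
```

Remove the card from the reader before clearing its directory, then re-insert it so the cache is rebuilt from the card's current contents.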
> From: Marty Riley <email@hidden>
> Reply-To: <email@hidden>
> Date: Fri, 27 Mar 2009 16:50:11 +0000
> To: "Miller, Timothy J." <email@hidden>, 'Joe' <email@hidden>
> Cc: Apple Fed Talk <email@hidden>
> Subject: Re: [Fed-Talk] Cac not being read correctly
>
> I've tried to get to the cac-XXXX-XXXX-XXXX-XXXX using the sudo rm -r command
> through terminal, still can't get there. Any advice?
>
>
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: "Marty Riley" <email@hidden>
>
> Date: Fri, 27 Mar 2009 16:32:57
> To: Miller, Timothy J.<email@hidden>; 'Joe'<email@hidden>
> Cc: email@hidden<email@hidden>
> Subject: Re: [Fed-Talk] Cac not being read correctly
>
>
> Joe; Tim,
>
> I apparently am not savvy enough with Mac OS to find the sub folders. I'm
> looking for the tokens in sudo rm previously mentioned. Can one of you guys
> walk this 'poser' through the steps to get there? I'm getting a whiff of
> victory now, I just need a little help to find those tokens.
>
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: "Miller, Timothy J." <email@hidden>
>
> Date: Fri, 27 Mar 2009 12:26:34
> To: 'Joe'<email@hidden>;
> email@hidden<email@hidden>
> Cc: email@hidden<email@hidden>
> Subject: RE: [Fed-Talk] Cac not being read correctly
>
>
> The below is correct and should fix the problem. Also, you may need to get
> the certs for CAs 19 and 20 as they're not rolled into the System keychain
> yet.
>
> -- Tim
>
>> -----Original Message-----
>> From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-talk-bounces+tmiller=email@hidden] On Behalf Of Joe
>> Sent: Friday, March 27, 2009 10:44 AM
>> To: email@hidden
>> Cc: email@hidden
>> Subject: Re: [Fed-Talk] Cac not being read correctly
>>
>> Marty,
>>
>> I didn't read ALL of your email, but I just had the same issue. I am
>> getting ready to test this now, and am confident it will work.
>>
>> Previously, another Fed-Talk member (Chris Blaine) posted the following,
>> which worked for him:
>>
>> -------
>> I had the same problem, and finally found a posting in another Apple forum,
>> Apple-cdsa (http://lists.apple.com/archives/apple-cdsa/2008/May/msg00003.html)
>> which gave me the answer.
>>
>> The answer comes in the last paragraph...
>>
>> Meanwhile, take a look at /var/db/TokenCache/tokens. There is one directory
>> in there for each card the system remembers having seen before, named by
>> whatever identifier the Tokend has assigned the card (the form is token
>> identifier:card identifier). Remove the card and blow away that directory,
>> and when you re-insert the card you should get the new contents (because you
>> removed the place where the Tokend would store its cached data). Note that
>> if you do this, the system will also think your card is new (never before
>> seen).
>>
>> There is a cached copy of my previous tokens. Deleting the referenced
>> directories, as below, resolved my issue, and allowed the new certificates to
>> be populated into keychain.
>>
>> sudo rm -r com.apple.tokend.cac:CAC-XXXX-XXXX-XXXX-XXXX
>>
>> --
>> Thanks
>> Chris Blaine
>> Senior Network Engineer
>> Network Security Officer
>> C4I Programs
>> 700 Robbins St, Bldg 2A
>> Philadelphia, PA 19111
>> -------
>>
>> Thanks,
>> Joe O'Toole
>>
>>
>>
>> On Mar 27, 2009, at 11:39 AM, Marty Riley wrote:
>>
>>
>>
>> I'm having trouble reading my CAC Card accurately which was recently
>> updated with a NMCI e-mail address. Prior to accomplishing this, I had
>> no trouble at all accessing my OWA e-mail via my Macs, and am
>> wondering if keychain access "caches" smart card info based on a
>> serial number of a CAC Card.
>>
>> System:
>> iMac and Mac Pro both running Leopard 10.5.6
>> Cac Card readers SCR331 flashed to 5.25 firmware version
>> Cac Card GEMALTO ACCESS 64KV2
>>
>> Certificates prior to the email update:
>> ID certificate: CA-16
>> Encryption: CA-15
>> E-mail Signature: CA-15
>>
>> Certificates after the email update:
>> ID certificate: CA-16 (no change)
>> Encryption: CA-19 (changed)
>> E-mail Signature: CA-19 (changed)
>>
>> I am able to access DoD websites that I registered at with the ID
>> certificate (CA-16) still, as that one didn't change. But no joy on
>> the OWA access which uses the DOD EMAIL signature, due in part I
>> think, to the CA changing. Which is unusual I think, because it's the
>> same station that issued my original CAC card?!
>>
>> I have spent four days reading posts, cleared Safari cache, ran Onyx
>> for cleanups, cleared all the keychains from my list and imported them
>> again, and spent a whole lot of time with the smiling little face of
>> 'finder' surfing through the computer and can't seem to find anything
>> (I think he's taunting me now!). I've tried everything except starting
>> from scratch with a new CAC card. I'm reluctant to do that since I
>> have so many DoD sites that I work with along with legacy e-mail
>> accounts (I know, I know.....)
>>
>> When I insert the CAC card, it clearly shows up in my keychain access
>> list, but when I look at each certificate, they're the ones that were
>> on the card prior to the e-mail address update (CA-15), complete with
>> the prior e-mail address. I don't understand. I've even sent e-mails
>> to my personal e-mail address from work that I digitally signed, and
>> the certificate for the e-mail address shows up correctly (CA-19) in
>> my login keychain (verified) - so I don't think it's a CA Root or DOD
>> Email certificate problem.
>>
>> Do I need to just swallow it and get a new CAC card? or can anyone
>> help me find the elusive cache (or whatever else) that I think is
>> killing me?
>> Sent from my Verizon Wireless BlackBerry
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> talk/email@hidden
>>
>> This email sent to email@hidden
>>
>
>