RE: [Fed-Talk] Cac not being read correctly
- Subject: RE: [Fed-Talk] Cac not being read correctly
- From: "Losasso, Jonathan E IT3 CCG, N63" <email@hidden>
- Date: Fri, 27 Mar 2009 10:23:04 -0700
- Thread-topic: [Fed-Talk] Cac not being read correctly
Don't forget /private/var/db/TokenCache/tokens/
(are they just links to each other anyway?)
-Jon
-----Original Message-----
From: fed-talk-bounces+jonathan.losasso=email@hidden
[mailto:fed-talk-bounces+jonathan.losasso=email@hidden] On
Behalf Of Paul Nelson
Sent: Friday, March 27, 2009 10:17
To: email@hidden; Miller, Timothy J.; 'Joe'
Cc: Apple Fed Talk
Subject: Re: [Fed-Talk] Cac not being read correctly
Why not just remove all the caches? It's not that much work for the system
to rebuild them.
Also, you can't use 'sudo' and a wildcard for the tokens folder since the
user shell doesn't have permissions to look in there.
sudo /bin/sh -c "rm -rf /var/db/TokenCache/tokens/*"
should do the trick since it starts a new shell to expand a wildcard.
Paul Nelson
Thursby Software Systems, Inc.
> From: Marty Riley <email@hidden>
> Reply-To: <email@hidden>
> Date: Fri, 27 Mar 2009 16:50:11 +0000
> To: "Miller, Timothy J." <email@hidden>, 'Joe'
> <email@hidden>
> Cc: Apple Fed Talk <email@hidden>
> Subject: Re: [Fed-Talk] Cac not being read correctly
>
> I've tried to get to the cac-XXXX-XXXX-XXXX-XXXX using the sudo rm -r
> command through terminal, still can't get there. Any advice?
>
>
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: "Marty Riley" <email@hidden>
>
> Date: Fri, 27 Mar 2009 16:32:57
> To: Miller, Timothy J.<email@hidden>; 'Joe'<email@hidden>
> Cc: email@hidden<email@hidden>
> Subject: Re: [Fed-Talk] Cac not being read correctly
>
>
> Joe; Tim,
>
> I apparently am not savvy enough with Mac OS to find the sub folders.
> I'm looking for the tokens in sudo rm previously mentioned. Can one of
> you guys walk this 'poser' through the steps to get there? I'm getting
> a whiff of victory now, I just need a little help to find those tokens.
>
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: "Miller, Timothy J." <email@hidden>
>
> Date: Fri, 27 Mar 2009 12:26:34
> To: 'Joe'<email@hidden>;
> email@hidden<email@hidden>
> Cc: email@hidden<email@hidden>
> Subject: RE: [Fed-Talk] Cac not being read correctly
>
>
> The below is correct and should fix the problem. Also, you may need
> to get the certs for CAs 19 and 20 as they're not rolled into the
> System keychain yet.
>
> -- Tim
>
>> -----Original Message-----
>> From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-talk-bounces+tmiller=email@hidden] On Behalf Of Joe
>> Sent: Friday, March 27, 2009 10:44 AM
>> To: email@hidden
>> Cc: email@hidden
>> Subject: Re: [Fed-Talk] Cac not being read correctly
>>
>> Marty,
>>
>> I didn't read ALL of your email, but I just had the same issue. I am
>> getting ready to test this now, and am confident it will work.
>>
>> Previously, another Fed-Talk member (Chris Blaine) posted the
>> following, which worked for him:
>>
>> -------
>> I had the same problem, and finally found a posting in another Apple
>> forum, Apple-cdsa (
>> http://lists.apple.com/archives/apple-cdsa/2008/May/msg00003.html)
>> which gave me the answer.
>>
>> The answer comes in the last paragraph...
>>
>> Meanwhile, take a look at /var/db/TokenCache/tokens. There is one
>> directory in there for each card the system remembers having seen
>> before, named by whatever identifier the Tokend has assigned the card
>> (the form is token identifier:card identifier). Remove the card and
>> blow away that directory, and when you re-insert the card you should
>> get the new contents (because you removed the place where the Tokend
>> would store its cached data). Note that if you do this, the system
>> will also think your card is new (never before seen).
>>
>> There is a cached copy of my previous tokens. Deleting the
>> referenced directories, as below, resolved my issue and allowed the
>> new certificates to be populated into keychain.
>>
>> sudo rm -r com.apple.tokend.cac:CAC-XXXX-XXXX-XXXX-XXXX
>>
>> --
>> Thanks
>> Chris Blaine
>> Senior Network Engineer
>> Network Security Officer
>> C4I Programs
>> 700 Robbins St, Bldg 2A
>> Philadelphia, PA 19111
>> -------
>>
>> Thanks,
>> Joe O'Toole
>>
>>
>>
>> On Mar 27, 2009, at 11:39 AM, Marty Riley wrote:
>>
>>
>>
>> I'm having trouble reading my CAC Card accurately which was recently
>> updated with a NMCI e-mail address. Prior to accomplishing this, I
>> had no trouble at all accessing my OWA e-mail via my Macs, and am
>> wondering if keychain access "caches" smart card info based on a
>> serial number of a CAC Card.
>>
>> System:
>> iMac and Mac Pro both running Leopard 10.5.6
>> Cac Card readers: SCR331 flashed to 5.25 firmware version
>> Cac Card: GEMALTO ACCESS 64KV2
>>
>> Certificates prior to the email update:
>> ID certificate: CA-16
>> Encryption: CA-15
>> E-mail Signature: CA-15
>>
>> Certificates after the email update:
>> ID certificate: CA-16 (no change)
>> Encryption: CA-19 (changed)
>> E-mail Signature: CA-19 (changed)
>>
>> I am able to access DoD websites that I registered at with the ID
>> certificate (CA-16) still, as that one didn't change. But no joy on
>> the OWA access which uses the DOD EMAIL signature, due in part I
>> think, to the CA changing. Which is unusual I think, because it's the
>> same station that issued my original CAC card?!
>>
>> I have spent four days reading posts, cleared Safari cache, ran Onyx
>> for cleanups, cleared all the keychains from my list and imported
>> them again, and spent a whole lot of time with the smiling little
>> face of 'finder' surfing through the computer and can't seem to find
>> anything (I think he's taunting me now!). I've tried everything
>> except starting from scratch with a new CAC card. I'm reluctant to do
>> that since I have so many DoD sites that I work with along with
>> legacy e-mail accounts (I know, I know.....)
>>
>> When I insert the CAC card, it clearly shows up in my keychain access
>> list, but when I look at each certificate, they're the ones that were
>> on the card prior to the e-mail address update (CA-15), complete with
>> the prior e-mail address. I don't understand. I've even sent e-mails
>> to my personal e-mail address from work that I digitally signed, and
>> the certificate for the e-mail address shows up correctly (CA-19) in
>> my login keychain (verified)- so I don't think it's a CA Root or DOD
>> Email certificate problem.
>>
>> Do I need to just swallow it and get a new CAC card? or can anyone
>> help me find the elusive cache (or whatever else) that I think is
>> killing me?
>> Sent from my Verizon Wireless BlackBerry
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> talk/email@hidden
>>
>> This email sent to email@hidden
>>
>
>
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
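
An added example, not written by anyone in this thread: a small script for the cache cleanup discussed above. It lists and removes the per-card directories under /var/db/TokenCache/tokens, and it is meant to be run as a whole under sudo so that the wildcard is expanded by the privileged shell, which is the point of the `sudo /bin/sh -c` form given earlier. The function names and the script file name are hypothetical; the path and the `com.apple.tokend.cac:` prefix are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# The default path is the one quoted in the thread.
TOKENS_DIR_DEFAULT=/var/db/TokenCache/tokens

# Print the name of each per-card cache directory, one per line.
list_cached_tokens() {
    dir=${1:-$TOKENS_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    for entry in "$dir"/*; do
        # An unmatched or unreadable glob stays literal; -d filters it out.
        [ -d "$entry" ] && [ ! -L "$entry" ] && basename "$entry"
    done
    return 0
}

# Remove per-card cache directories whose name matches PATTERN (default: all).
# Prints how many directories were removed.
clear_cached_tokens() {
    dir=${1:-$TOKENS_DIR_DEFAULT}
    pattern=${2:-*}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    removed=0
    # The glob is expanded here, by whichever shell runs this function.
    for entry in "$dir"/$pattern; do
        [ -d "$entry" ] || continue      # skip files and a literal, unmatched glob
        [ -L "$entry" ] && continue      # never follow a symlink out of the cache
        rm -rf -- "$entry"
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Run only when given arguments, e.g. after removing the card:
#   sudo sh clear_tokens.sh /var/db/TokenCache/tokens 'com.apple.tokend.cac:*'
if [ "$#" -gt 0 ]; then
    clear_cached_tokens "$@"
fi
```

Quote the pattern on the command line so the calling user's shell passes it through unexpanded.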