[Fed-Talk] One last question about USB & CAC cards.
[Fed-Talk] One last question about USB & CAC cards.
- Subject: [Fed-Talk] One last question about USB & CAC cards.
- From: "Jacob, Raymond CIV SPAWARSYSCEN-ATLANTIC, 58420" <email@hidden>
- Date: Thu, 10 Sep 2009 15:28:49 -0400
- Thread-topic: One last question about USB & CAC cards.
Is there a standard that would allow Virtual and Physical machines to share USB devices such as CAC
card readers, USB printers, USB scanners, USB hard drives...? I am really interested in sharing the CAC card reader
between the MAC and different VMs.
I am guessing something like RDP over USB but that is just a guess.
r/raymond
-----Original Message-----
From: fed-talk-bounces+raymond.jacob=email@hidden [mailto:fed-talk-bounces+raymond.jacob=email@hidden] On Behalf Of email@hidden
Sent: Thursday, September 10, 2009 15:06
To: email@hidden
Subject: Fed-talk Digest, Vol 6, Issue 238
Send Fed-talk mailing list submissions to
email@hidden
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.apple.com/mailman/listinfo/fed-talk
or, via email, send a message with subject or body 'help' to
email@hidden
You can reach the person managing the list at
email@hidden
When replying, please edit your Subject line so it is more specific than "Re: Contents of Fed-talk digest..."
Today's Topics:
1. Re: Safari 4 and Software Certs (David Mueller)
2. Key Chain victim (Jacob, Raymond CIV SPAWARSYSCEN-ATLANTIC, 58420)
3. CAC as PIV (somewhat) working in Firefox with Apple's
tokendPKCS11.so module on Snow Leopard (Miller, Timothy J.)
----------------------------------------------------------------------
Message: 1
Date: Thu, 10 Sep 2009 08:03:29 -0700
From: David Mueller <email@hidden>
Subject: Re: [Fed-Talk] Safari 4 and Software Certs
To: "Thornton, Neill R. CIV" <email@hidden>, Fed-talk
<email@hidden>
Message-ID: <C6CE6351.2D0CÚemail@hidden>
Content-Type: text/plain; charset="ISO-8859-1"
On 9/9/09 10:57 AM, "Thornton, Neill R. CIV" <email@hidden>
wrote:
> I have a software cert installed on my login keychain that
> authenticates me to an exchange 2007 OWA server. When I connect for
> the first time, it has no problems, everything works great, I get
> right to my webmail. I have an identity preference set for the URL in question.
>
> However, if I wait a few minutes, and then click anything on the page,
> the server replies that ³This site requires a client certificate², as
> if Safari stopped sending my cert. If I close the window and re-open
> it, everything is once again working for a few more minutes.
In my experience, it seems to work best to have two Identity Preferences for OWA servers, one with a / at the end of the address and one without. I'm using a certificate on a smart card, but I don't see why it would make a difference for a software certificate.
- David
------------------------------
Message: 2
Date: Thu, 10 Sep 2009 11:49:10 -0400
From: "Jacob, Raymond CIV SPAWARSYSCEN-ATLANTIC, 58420"
<email@hidden>
Subject: [Fed-Talk] Key Chain victim
To: <email@hidden>
Message-ID:
<email@hidden>
Content-Type: text/plain; charset="us-ascii"
Problem: the https sites that I need to get to like AKO. I accidently removed from my key chain. I added akocac to key chain but I am still having trouble.
I can get to certain sites in DOD and not others.
Question: How do I get the browser to automatically import/create new login identities- i.e. like windoze- when I visit the site instead of adding them manually such as AKO ?
Does Middleware solve this problem i.e. ActiveIdentity?
thank you,
raymond
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5210 bytes
Desc: not available
Url : http://lists.apple.com/mailman/private/fed-talk/attachments/20090910/619b9c64/smime-0001.bin
------------------------------
Message: 3
Date: Thu, 10 Sep 2009 14:30:30 -0400
From: "Miller, Timothy J." <email@hidden>
Subject: [Fed-Talk] CAC as PIV (somewhat) working in Firefox with
Apple's tokendPKCS11.so module on Snow Leopard
To: Apple Fed Talk <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
OK, this *wasn't* working last week, but is now. FF updated to 3.5.3 on my in the interim; if that's necessary or not I've not determined yet.
Major Limitation: I can only see the PIV-Authentication and email
encryption certs; I *cannot* see the email signing cert. So while I
can now log into the AF Portal with FF, I can't log into webmail or AKO. However, I can (currently) use Safari for these once though the ID pref rigamarole.
The new PKCS#11 module is in /usr/libexec/SmartCardServices/pkcs11/
tokendPKCS11.so. Load it into FF as you did with other modules:
https://developer.mozilla.org/en/PKCS11_Module_Installation
If you have other *hardware* PKCS#11 modules (e.g., Coolkey, OpenSC, or MUSCLE), delete them. DO NOT DELETE THE NSS INTERNAL PKCS#11 MODULE.
-- Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2533 bytes
Desc: not available
Url : http://lists.apple.com/mailman/private/fed-talk/attachments/20090910/c8fae21f/smime-0001.bin
------------------------------
_______________________________________________
Fed-talk mailing list
email@hidden
http://lists.apple.com/mailman/listinfo/fed-talk
End of Fed-talk Digest, Vol 6, Issue 238
****************************************
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden