Re: [Fed-Talk] One last question about USB & CAC cards.
- Subject: Re: [Fed-Talk] One last question about USB & CAC cards.
- From: "Halpin, Stanley M Mr CIV USA ODCSPER" <email@hidden>
- Date: Thu, 10 Sep 2009 14:44:34 -0500
Classification: UNCLASSIFIED
Caveats: NONE
I can't attest to "standards", but I do know from my own experience,
working with 10.4.11 still, that an SMC 331 reader with appropriate
firmware upgrades works for both the Mac and for XP-Pro running under
VMWare. (Works = allows me to do a CAC-sign-on to AKO, CPOL, DTS (on
the Windows side only), etc.) The limitation is in the way that the
two systems share the USB port. One at a time. The active system
doesn't just automatically take control of the ports when you switch
from one to the other system. You need to Assign or Release the port,
respectively, within the virtual environment in order to use it there or
to allow the Mac side to use it. Once you have assigned that Port
within the virtual environment, that relationship persists; the port
is invisible on the Mac, until you Release it again. No big deal but
not a transparent sharing of resources. I believe Parallels works the
same way.
Stan Halpin
email@hidden
Classification: UNCLASSIFIED
Caveats: NONE
On Sep 10, 2009, at 2:28 PM, Jacob, Raymond CIV SPAWARSYSCEN-ATLANTIC, 58420 wrote:
Is there a standard that would allow Virtual and Physical machines
to share USB devices such as CAC card readers, USB printers, USB
scanners, USB hard drives...? I am really interested in sharing the
CAC card reader between the MAC and different VMs.
I am guessing something like RDP over USB but that is just a guess.
r/raymond
-----Original Message-----
From: fed-talk-bounces+raymond.jacob=email@hidden
[mailto:fed-talk-bounces+raymond.jacob=email@hidden] On
Behalf Of email@hidden
Sent: Thursday, September 10, 2009 15:06
To: email@hidden
Subject: Fed-talk Digest, Vol 6, Issue 238
Today's Topics:
1. Re: Safari 4 and Software Certs (David Mueller)
2. Key Chain victim (Jacob, Raymond CIV SPAWARSYSCEN-ATLANTIC,
58420)
3. CAC as PIV (somewhat) working in Firefox with Apple's
tokendPKCS11.so module on Snow Leopard (Miller, Timothy J.)
----------------------------------------------------------------------
Message: 1
Date: Thu, 10 Sep 2009 08:03:29 -0700
From: David Mueller <email@hidden>
Subject: Re: [Fed-Talk] Safari 4 and Software Certs
To: "Thornton, Neill R. CIV" <email@hidden>, Fed-talk
<email@hidden>
Message-ID: <C6CE6351.2D0CÚemail@hidden>
Content-Type: text/plain; charset="ISO-8859-1"
On 9/9/09 10:57 AM, "Thornton, Neill R. CIV"
<email@hidden>
wrote:
I have a software cert installed on my login keychain that
authenticates me to an exchange 2007 OWA server. When I connect for
the first time, it has no problems, everything works great, I get
right to my webmail. I have an identity preference set for the
URL in question.
However, if I wait a few minutes, and then click anything on the page,
the server replies that "This site requires a client certificate", as
if Safari stopped sending my cert. If I close the window and re-open
it, everything is once again working for a few more minutes.
In my experience, it seems to work best to have two Identity
Preferences for OWA servers, one with a / at the end of the address
and one without. I'm using a certificate on a smart card, but I
don't see why it would make a difference for a software certificate.
- David
------------------------------
Message: 2
Date: Thu, 10 Sep 2009 11:49:10 -0400
From: "Jacob, Raymond CIV SPAWARSYSCEN-ATLANTIC, 58420"
<email@hidden>
Subject: [Fed-Talk] Key Chain victim
To: <email@hidden>
Message-ID:
<email@hidden
vy.mil>
Content-Type: text/plain; charset="us-ascii"
Problem: the https sites that I need to get to like AKO. I
accidentally removed from my key chain. I added akocac to key chain
but I am still having trouble.
I can get to certain sites in DOD and not others.
Question: How do I get the browser to automatically import/create
new login identities- i.e. like windoze- when I visit the site
instead of adding them manually such as AKO ?
Does Middleware solve this problem i.e. ActiveIdentity?
thank you,
raymond
------------------------------
Message: 3
Date: Thu, 10 Sep 2009 14:30:30 -0400
From: "Miller, Timothy J." <email@hidden>
Subject: [Fed-Talk] CAC as PIV (somewhat) working in Firefox with
Apple's tokendPKCS11.so module on Snow Leopard
To: Apple Fed Talk <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
OK, this *wasn't* working last week, but is now. FF updated to
3.5.3 on my in the interim; if that's necessary or not I've not
determined yet.
Major Limitation: I can only see the PIV-Authentication and email
encryption certs; I *cannot* see the email signing cert. So while I
can now log into the AF Portal with FF, I can't log into webmail or
AKO. However, I can (currently) use Safari for these once through
the ID pref rigamarole.
The new PKCS#11 module is in
/usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so. Load it into FF
as you did with other modules:
https://developer.mozilla.org/en/PKCS11_Module_Installation
If you have other *hardware* PKCS#11 modules (e.g., Coolkey,
OpenSC, or MUSCLE), delete them. DO NOT DELETE THE NSS INTERNAL
PKCS#11 MODULE.
-- Tim
------------------------------
End of Fed-talk Digest, Vol 6, Issue 238
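
Added example, not part of the thread: a small Python check that applies the advice in Message 3 to the text printed by NSS's `modutil -list -dbdir <profile>`. It keeps the built-in NSS module and the Apple tokend module and flags every other loaded library for review. The sample listing, the module names "CoolKey" and "Apple tokend", and the CoolKey library path are constructed; the layout of the listing is assumed to match what `modutil` prints.

```python
import re

# Path of Apple's module as given in the message above.
TOKEND = "/usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so"

# Constructed sample of `modutil -list` output (assumed layout, not from the thread).
SAMPLE = (
    "Listing of PKCS #11 Modules\n"
    "-----------------------------------------------------------\n"
    "  1. NSS Internal PKCS #11 Module\n"
    "\t slots: 2 slots attached\n"
    "\tstatus: loaded\n"
    "\n"
    "  2. CoolKey\n"
    "\tlibrary name: /usr/local/lib/pkcs11/libcoolkeypk11.dylib\n"
    "\t slots: 1 slot attached\n"
    "\tstatus: loaded\n"
    "\n"
    "  3. Apple tokend\n"
    "\tlibrary name: " + TOKEND + "\n"
    "\t slots: 1 slot attached\n"
    "\tstatus: loaded\n"
    "-----------------------------------------------------------\n"
)

MODULE_RE = re.compile(r"^\s*(\d+)\.\s+(.+?)\s*$")       # "  2. CoolKey"
LIB_RE = re.compile(r"^\s*library name:\s*(.+?)\s*$")    # "\tlibrary name: /path"

def parse_modules(text):
    """Return [(module_name, library_path_or_None)] in listing order."""
    modules = []
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            modules.append([m.group(2), None])
            continue
        m = LIB_RE.match(line)
        if m and modules:
            modules[-1][1] = m.group(1)
    return [tuple(entry) for entry in modules]

def audit(text):
    """Sort modules into 'keep' and 'review' and report whether tokend is loaded."""
    report = {"keep": [], "review": [], "tokend_loaded": False}
    for name, lib in parse_modules(text):
        if lib is None:                 # built-in NSS module lists no library: never delete
            report["keep"].append(name)
        elif lib == TOKEND:
            report["keep"].append(name)
            report["tokend_loaded"] = True
        else:                           # other library: candidate hardware module to delete
            report["review"].append(name)
    return report
```

Entries under `review` are only candidates: confirm that each one is a hardware token module (such as Coolkey, OpenSC or MUSCLE) before deleting it.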