RE: [Fed-Talk] CAC Assistance
- Subject: RE: [Fed-Talk] CAC Assistance
- From: "Smith CIV Larry E" <email@hidden>
- Date: Wed, 1 Dec 2010 15:58:51 -0500
- Thread-topic: [Fed-Talk] CAC Assistance
Michael - thanks for the info. This seems to work fine on mobile accounts on different clients. Two more questions: can you change the login screen to only allow CACs and can you enforce the screen saver or lock the client when the CAC is removed?
Thanks
Larry
Larry E. Smith II
Technical Director
USMC CDET
2300 A Louis Rd.
Quantico, VA 22134
703-784-5193 DSN 278
Bb 240-299-2226
-----Original Message-----
From: fed-talk-bounces+larry.e.smith=email@hidden [mailto:fed-talk-bounces+larry.e.smith=email@hidden] On Behalf Of Michael Winslow
Sent: Monday, November 29, 2010 11:45 PM
To: Niles, John B RET; email@hidden
Subject: Re: [Fed-Talk] CAC Assistance
Yes, it is pretty easy to set up CAC login on your Mac. I do not have CAC
authentication working with the Apple Mail app, but I do have my Webmail
working via Entourage for Mac (2008) via CAC.
To get CAC login to your Mac working, you simply need to link the CAC Cert
ID with your account on your machine. Apple built in a command line tool for
doing this. Step by step instructions would be as follows (for Snow Leopard
10.6). I am assuming that you have an administrative account on your machine
(if you don't, some steps may change slightly).
1. Open a Terminal Window (Macintosh HD -> Applications -> Utilities ->
Terminal.app)
2. Type in "sc_auth hash" without the quotes
3. Select the long hash code (Hexadecimal) number for your Identity Private
Key (Should be 40 characters long). Copy this Hexadecimal number.
4. You need to know your account's short name. If you do not know what it
is, you can simply type "whoami" into Terminal and it will tell you your
short name.
5. Finally, map your certificate to your CAC by typing in the following
command "sudo sc_auth accept -u <SHORT_NAME> -h <CERT_HASH_NUMBER>"
replacing <SHORT_NAME> with your account's short name that you got in Step 4
and <CERT_HASH_NUMBER> that you copied in Step 3. You will be prompted to
type in your password as this requires privileged access to do.
Here is the supporting document that I used to come up with this...
http://support.apple.com/kb/TA24244?viewlocale=en_US
Thanks,
Michael Winslow
SPAWAR Systems Center Pacific
On 11/29/10 8:12 AM, "Niles, John B RET" <email@hidden> wrote:
> Fed-Talk,
>
> I have recently been informed that all computers on our network must be
> equipped to log in with a CAC card. No password logins will be allowed. The
> deadline is mid-December (I usually get these notices late).
>
> I am working with some of the IT people at my location regarding my Macs.
> There are some options. However, their contract does not cover Macs, so for
> the most part, I will have to figure something out, or I will be using PCs
> shortly.
>
> The best solution would be to modify my login to require a CAC. While I know
> this is possible, I do not know of a simple way to arrange this.
>
> Does someone have a cookbook solution for this problem suitable for someone
> who is not an IT type? Just a step by step route?
>
> Also, is there a cookbook solution for modifying Mail to login only with a
> CAC? This is not as important because I can always fall back to AKO CAC
> login, although it would be clunky.
>
> Regards,
>
> John Niles
> OGL Enterprises LLC
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
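Added example, not part of the thread and not Apple's code: steps 2 through 5 of the procedure above as one script that refuses to map anything other than a single, well-formed Identity Private Key hash. The one-entry-per-line "<hash> <key label>" output format, the function names and the --apply switch are assumptions; the sample output is constructed.

```shell
#!/bin/sh
# Added example: steps 2-5 of the procedure above as one guarded script.
# Assumption: each line of `sc_auth hash` output is "<hash> <key label>".

# Constructed sample output (not from a real card), for offline checks.
SAMPLE_OUTPUT='0123456789ABCDEF0123456789ABCDEF01234567 Identity Private Key
89ABCDEF0123456789ABCDEF0123456789ABCDEF Email Signing Private Key'

# Read `sc_auth hash` output on stdin and print the hash of the one key
# labelled "Identity Private Key". Fails if there is none or more than one,
# so an e-mail key is never mapped to the login account by mistake.
pick_identity_hash() {
    awk '/Identity Private Key/ { h = $1; n++ }
         END { if (n != 1) exit 1; print h }'
}

# Succeed only for exactly 40 hexadecimal characters (step 3's sanity check).
is_cert_hash() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Steps 2-5: read the card, pick the hash, map it to the current account,
# then list the account's mappings so the result can be checked by eye.
map_cac() {
    user=$(whoami)
    cert_hash=$(sc_auth hash | pick_identity_hash) || {
        echo "no single Identity Private Key found; is the CAC inserted?" >&2
        return 1
    }
    is_cert_hash "$cert_hash" || {
        echo "unexpected hash format: $cert_hash" >&2
        return 1
    }
    sudo sc_auth accept -u "$user" -h "$cert_hash" && sc_auth list -u "$user"
}

# Nothing touches the system unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
    map_cac
fi
```

Keep a working password login for an administrative account until a CAC login has been confirmed after a logout.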