Re: [Fed-Talk] CAC Reader and AKO on Older MacBookPro
- Subject: Re: [Fed-Talk] CAC Reader and AKO on Older MacBookPro
- From: "Villano, Paul Mr CIV USA TRADOC" <email@hidden>
- Date: Mon, 26 Jul 2010 08:50:29 -0400
- Priority: normal
But the message did ask if I wanted to *store* it to my keychain. Does that make a difference?
----- Original Message -----
From: "Shawn A. Geddis" <email@hidden>
Date: Monday, July 26, 2010 8:19
Subject: Re: [Fed-Talk] CAC Reader and AKO on Older MacBookPro
To: "Villano, Paul Mr CIV USA TRADOC" <email@hidden>
Cc: Fed Talk <email@hidden>, SmartCard Services-Users <email@hidden>
> Paul,
>
> Ahh, I understand the confusion. When you were prompted for a
> "Password" and you entered the "PIN" it was not saved in your
> file-based keychain, but rather the system "unlocked" your Smart Card
> (a Smart Card IS a Keychain).
>
> Some dialogs still refer to "password" while displaying the name
> of the Keychain (your Smart Card Name), but the "PIN" you entered
> is never stored in a file-based Keychain. The PIN is used as part
> of the Challenge-Response with the card which is frequently
> referred to as "unlocking" your card.
>
> While your card remains in the reader after entering the PIN, the
> PIN is cached by the security server to prevent your needing to
> re-enter it for every single transaction involving the private
> key(s). If you pull the card, log out or shut the system down,
> the cached PIN is thrown away and you would then need to enter the
> PIN again next time you need to access the private key(s). This is
> also true if you switch between Mac OS X and a virtualized
> environment using the Smart Card.
>
> - Shawn
> _____________________________________________________
> Shawn Geddis - Security Consulting Engineer - Apple Enterprise
>
> On Jul 26, 2010, at 7:35 AM, Villano, Paul Mr CIV USA TRADOC wrote:
> > The "password" that was saved was the PIN for the CAC. It did
> > go through the CAC and worked.
> >
> > ----- Original Message -----
> > From: "Shawn A. Geddis" <
> > Date: Wednesday, July 21, 2010 16:37
> > Subject: Re: [Fed-Talk] CAC Reader and AKO on Older MacBookPro
> > To: "Villano, Paul Mr CIV USA TRADOC" <
> > Cc: email@hidden
> >
> >
> >> On Jul 20, 2010, at 8:48 AM, Villano, Paul Mr CIV USA TRADOC wrote:
> >>> So I finally got around to testing from home the CAC reader I
> >>> got from the suggestions from folks on this list. I was prepared
> >>> for a longish session of downloading certificates and what not.
> >>> Instead I said, what the hey, why not just try it? So I just
> >>> stuck the card in, clicked the CAC/Low bandwidth button on AKO,
> >>> added the p/w to my keychain, and...well...It just worked! :o)
> >>>
> >>> Anything I'm missing? Am I supposed to download something else?
> >>> Even though I'm typing this it's hard to believe it worked
> >>> within about 10 seconds.
> >>
> >>
> >> Paul,
> >>
> >> If you added ANY password to your keychain it would mean that a
> >> Smart Card was not in use, since there would be nothing to store
> >> inside of a keychain --> A Smart Card IS a Keychain.
> >>
> >> You shouldn't experience any issues in using the CAC, but wanted
> >> to point out that your ref to saving a p/w in your keychains
> >> indicates you were not using your CAC.
> >>
> >> Keep in mind that all Smart Card related User questions, comments,
> >> issues should all go to the SmartCardServices lists....
> >>
> >> http://lists.macosforge.org/mailman/listinfo.cgi/smartcardservices-users
> >> - Shawn