Re: [Fed-Talk] Support for CAC's
Re: [Fed-Talk] Support for CAC's
- Subject: Re: [Fed-Talk] Support for CAC's
- From: Michael Kluskens <email@hidden>
- Date: Mon, 15 Nov 2010 18:31:24 -0500
On Nov 12, 2010, at 11:58:25 AM, Thomas, Christopher CIV DTIC Z wrote:
> Just a note, for DoD Apple Macintosh users, initial use of CAC's on Mac OS 10.6.5 shows no new issues. I have been able to get to DoDTechipedia, my org's OWA, and DKO/AKO and Defense Travel.
Yes, no new issues, just old issues caused by Safari 5.0.x which I'll documented on the Smart Card Mailing list and filed in bug reports with Apple when 10.6.4 and Safari 5.0 were released (documented using clean installs of 10.6.3 and 10.6.4 and no data migration--dead silence on those reports). Based on my latest testing with a clean install of OS X 10.6.5 with my CAC card and reader:
Safari 5.0.2 -
worked at 3 internal sites, DTS, powhatan.iiie.disa.mil/haipe/, dod411.gds.disa.mil
failed at infosec.navy.mil and 1 internal site
(a co-worker with a brand new iMac saw the same failures with a different brand of CAC card and different brand of smart card reader -- most users at our site don't go to these two sites)
(Safari 5.0.2 on 10.5.8 fails on the same web sites)
Firefox 3.6.12 -
worked at DTS (2nd try)
failed at 4 internal sites, infosec.navy.mil, powhatan.iiie.disa.mil/haipe/, dod411.gds.disa.mil (error: sec_error_pkcs11_function_failed)
Chrome 7.0.517.44 -
worked at 4 internal sites, infosec.navy.mil, powhatan.iiie.disa.mil/haipe/, dod411.gds.disa.mil
failed at DTS (Java was enabled, you have to dig to find that setting)
Safari 4.0.5 works on all the listed sites but may require identity preferences to be set. Given that Safari 4.0.5 and Chrome are using OS X's Keychain system and work perfectly on sites that Safari 5.0.x fails on, it's very clear that it's not a driver or card issue. Something about certain sites causes Safari 5.0.2 to choke when a Smart Card has more then one certificate on it (Infosec causes Safari 5.0.x to list FOUR certificates for my coworker's CAC and mine as well).
Meanwhile another user could not reach dod411.gds.disa.mil with Safari 5.0.2 under OS X 10.5.8, but I could under 10.6.5 with Safari 5.0.2 and Chrome worked just fine for him. The problem there was completely different, error message about not having permission, looked a lot like the old identify issues under Safari 4.0.5.
In summary: Safari 5.0.2 for DTS and Google Chrome for anything that Safari 5.0.2 fails on unless you use Safari 4.0.5, meanwhile Firefox is virtually useless with the CAC.
Michael
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden