Re: [Fed-Talk] Active Directory / PIV / HSPD-12
- Subject: Re: [Fed-Talk] Active Directory / PIV / HSPD-12
- From: "Miller, Timothy J." <email@hidden>
- Date: Wed, 30 Mar 2011 09:09:01 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Active Directory / PIV / HSPD-12
On Mar 30, 2011, at 7:38 AM, Rowe, Walter wrote:
> Does anyone have OS X working with USAccess (PIV) cards against an Active Directory domain? I can bind an individual PIV card to an individual user on an individual OS X system using directory service commands. For an AD user logging into OS X, the mobile account has to be created on the OS X client before binding the PIV certificate to the user.
That doesn't sound like PKINIT at all. That sounds like using the smartcard binding for local logon (via sc_auth). Once the local session is up, do you have your Kerberos tickets? If not, you really didn't do an AD logon; you did a local logon to a cached account.
> Can OS X query AD directly for the PIV certs and creds? Will OS X honor CRLs? What are others doing on OS X clients to meet HSPD-12?
See here:
http://lists.apple.com/attachments/pdfALciALxPDv.pdf
I haven't actually done this (yet).
-- T
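One way to perform the check Tim raises (does the session actually hold AD Kerberos tickets after the smartcard logon, or was it only a local sc_auth logon to a cached mobile account?), as an added shell example that is not part of this thread; the realm name and the klist output it parses are constructed, and on a real client you would pipe the live output of `klist` into it instead:

```shell
#!/bin/sh
# Added example, not from the original thread. Inspects credential-cache output
# as `klist` prints it and reports whether a TGT for the AD realm is present.
# Assumptions: EXAMPLE.GOV is a placeholder realm; the two samples below are
# constructed, modeled on Heimdal-style klist output, not captured from a system.

AD_REALM="EXAMPLE.GOV"   # assumed realm; use your AD domain name, upper-case

# Constructed sample: what the cache looks like after a real AD (PKINIT) logon.
KLIST_AD='Credentials cache: API:501:1
        Principal: walter@EXAMPLE.GOV

  Issued                Expires               Principal
Mar 30 09:00:00 2011  Mar 30 19:00:00 2011  krbtgt/EXAMPLE.GOV@EXAMPLE.GOV
Mar 30 09:00:05 2011  Mar 30 19:00:00 2011  cifs/fileserver.example.gov@EXAMPLE.GOV'

# Constructed sample: a local smartcard logon to a cached account (no cache).
KLIST_LOCAL='klist: No ticket file: /tmp/krb5cc_501'

# tgt_for_realm REALM: reads klist output on stdin, prints the krbtgt line for
# that realm and returns 0 if found; returns 1 (grep's status) otherwise.
# The match is anchored to the exact principal so a TGT from some other realm
# does not count as an AD logon to this domain.
tgt_for_realm() {
    realm="$1"
    grep -E "[[:space:]]krbtgt/${realm}@${realm}\$"
}

# logon_kind REALM: reads klist output on stdin and prints "ad" when a TGT for
# the realm exists, "local" otherwise (the distinction drawn in the reply).
logon_kind() {
    if tgt_for_realm "$1" >/dev/null; then
        echo ad
    else
        echo local
    fi
}

# On a client, after logging in with the card:
#   klist 2>&1 | logon_kind "$AD_REALM"
```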