Re: [Fed-Talk] Oberthur ID One 128 v5.5 cards (UNCLASSIFIED)
Re: [Fed-Talk] Oberthur ID One 128 v5.5 cards (UNCLASSIFIED)
- Subject: Re: [Fed-Talk] Oberthur ID One 128 v5.5 cards (UNCLASSIFIED)
- From: "Mueller, David S CIV SPAWARSYSCEN-PACIFIC, 58110" <email@hidden>
- Date: Thu, 12 May 2011 11:08:27 -0700
- Thread-topic: [Fed-Talk] Oberthur ID One 128 v5.5 cards (UNCLASSIFIED)
I haven't noticed a CAC vs PIV issue; as far as I know they're different
applets that access the same certificates. So if a site wants the CAC ID
cert, the PIV Auth cert should work as well.
OpenSC provides both a Tokend (I disable Apple's CAC and PIV toeknd so
there's not conflict) for keychain integration as well as a PKCS#11 module
that can be used with Mozilla apps. I don't use smart card login, but I
don't see why it would work using CAC vs PIV. Note that in the keychain,
they would appear different so you'd have to make sure the PIV version is
setup for what you need. I know for the Identity Preferences that Safari
uses, I had to edit them reselect the certificate as the Preferred
Certificate.
- David
On 5/12/11 10:16 AM, "Shomo, Michelle L USA CTR (US)"
<email@hidden> wrote:
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> This does not allow use of the CAC ID certificate. Only the PIV ID
> certificate and the email signing and encryption certificates are available
> with the OpenSC tokend.
>
> So it only partially solves the issue, as any system that requires
> authentication using the CAC ID certificate, that doesn't accept the email
> signing or PIV certificates instead, won't work.
>
> Also there is an issue if you try to use your CAC for logon to your Mac
> (instead of UID password) if the screen lock requires authentication to
> regain access you can't use the CAC to unlock and get back onto the Mac (and
> if you try to use the CAC to unlock the Mac it hangs and you have to
> forcibly power the system down to recover).
>
> Michelle
>
>
> -----Original Message-----
> From: fed-talk-bounces+michelle.l.shomo.ctr=email@hidden
> [mailto:fed-talk-bounces+michelle.l.shomo.ctr=email@hidden] On
> Behalf Of David Mueller
> Sent: Thursday, May 12, 2011 11:46 AM
> To: Michael Kluskens; Fed-talk
> Subject: Re: [Fed-Talk] Oberthur ID One 128 v5.5 cards
>
> There was a post a couple months ago on the SmartcardServices-Users list
> that suggests that OpenSC might work:
>
> http://lists.macosforge.org/pipermail/smartcardservices-users/2011-March/000
> 211.html
>
> - David
>
>
> On 5/12/11 8:38 AM, "Michael Kluskens" <email@hidden> wrote:
>
>> We got our first "Oberthur ID One 128 v5.5 cards" which don't work with OS
> X,
>> before this all the NG cards that OS X coworkers got were Gemalto's I
> believe.
>>
>> The beta driver at <http://smartcardservices.macosforge.org/> says
> "Oberthur
>> ID One 128 v5.5 cards are not yet supported" and that is dated from one
> year
>> ago.
>>
>> We just encountered yet another .mil web site (extranet.onr.navy.mil) that
>> does not work with Safari 5.x but works with Chrome, once again the same
> bug I
>> filed with Apple more than a year ago dating from almost precisely when
> Safari
>> 5 was released.
>>
>> Given the number of complaints I'm getting from coworkers about OS X and
> DoD
>> CAC cards what software product do we need to buy to get basic web and
> mail
>> support in OS X for DoD CAC cards. Thursby PKard for Mac is $30 but seems
> to
>> do only web access, does in include drivers that work with OS X Mail?
>>
>> Michael
>
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden