Michael, et al.
I was able to get it to work with our PKard for Mac v1.2:
http://www.thursby.com/products/pkard.html
First, I have to state that this is not yet supported functionality
of the product. It does work for me, and it should work for you,
but we can't provide technical support for it with the current
version.
Second, my testing involved an in-house PIV-I, so I had to go
through a few extra steps to make sure our signing DC was a trusted
CA. This might be necessary for some CACs or PIVs.
----------------------------------------
- Log in to the Mac with a local administrator account (card NOT in
the reader)
- Launch Keychain Access form the Applications/Utilities folder
- Insert the card into the card reader
- In the Keychains panel of Keychain Access, select the card's
keychain. The certificates on the card will appear (there are
usually three)
- In the right pane, click the first certificate
- If 'This certificate was signed by an unknown authority' displays
in red, double-click it the certificate. The Certificate Information
window will open
- Scroll down to the Extension section labeled 'Certificate
Authority Information Access' and click the link just below it (Ex.
http://crl.xxxx.mil/getsign?DODĘ-99). The CA certificate will
download to the Mac
- Close the Certificate Information window
- Quit Keychain Access. This seems counter-intuitive given that we
are about to reopen it by opening the cert, but it does need to be
quit before continuing.
- Locate the certificate in your downloads folder double click it.
The Add Certificates window will appear asking if you want to add
the certificate to the keychain
- Set the Keychain field to System and click OK. Enter
administrator credentials if prompted. If prompted, choose to
"Always Trust". The new certificate should appear under System in
the Keychain Access window
- Do the same process for each of the remaining certificates
----------------------------------------
In the interest of full disclosure, this should work with any of the
smart card solutions capable of reading CAC and PIV cards.
If you decide to try this with PKard, I'd be interested in knowing
how things work out.
Regards,
Jim Thomas, CSCIP/G
Senior Support Specialist
Thursby Software Systems, Inc.
On 2/14/13 5:59 PM, Danberry, Michael J
Mr ARMY GUEST USA wrote:
Thanks Bill,
The specific location for this information is at: http://militarycac.com/errors2.htm#OTHER_QUESTIONS.
Question 2
--
CW3 Michael J. Danberry
Chief, Network Operations for the Military Intelligence Readiness
Command, AKO CAC Resource Center Content Provider, and MilitaryCAC
Web Helper
8831 John J. Kingman Road
Fort Belvoir, VA 22060-6208
703-806-5924 Office
703-679-8989 Virtual Office (rings my 3 mobile phones)
612-328-8768 Verizon mobile
email@hidden
Problems accessing DoD websites can "usually" be cured by
following this guide: https://tiny.army.mil/r/0Owo
Sent from my Samsung Stratosphere Android device using the K-9
Mail app. Please excuse any typos.
William Cerniuk <email@hidden>
wrote:
Buddy of mine
:-) runs this page:
Probably the best source there is
for Apple related CAC/PIV
On Feb 14, 2013, at 17:30, Michael Kluskens < email@hidden>
wrote:
What are the choices for CAC enabled login on OS
X 10.7 & 10.8.
I'm looking at OS X systems which may not have
access to a MS Domain Server, i.e. isolated netwo rk.
Some would have access and some would not have access
all the time.
I thought maybe some changes to /etc/authorization
might reenable CAC-login but I haven't started an
attempt yet.
Unfortunately Apple dropped support and now it is a
requirement in many places, all places that supply
Windows-software for this but if you use OS X you have
to find your own solution.
Michael
_______________________________________________
Do not post admin requests to the list. They will be
ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
|