Re: [Fed-Talk] MacOS X Catalina & CAC support
Re: [Fed-Talk] MacOS X Catalina & CAC support
- Subject: Re: [Fed-Talk] MacOS X Catalina & CAC support
- From: "Gendler, Bob \(Fed\) via Fed-talk" <email@hidden>
- Date: Tue, 8 Oct 2019 15:50:27 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tCRuvoYvHPkF261iAhnTdmKk7hVdTqEGVlNa/p8IAQk=; b=mjyHDU4KYr9bllccyob9fmkg3Dse83GuZBD7iLuS7z639Wml2LjBgQNYo4+E/oyMq2ziH4lE+vytmPu6/9aQwbLrRRfg4JGJPM/PEvbwKKNnNvYT4G+CxBSdBa4VOuWIOrK7OV8wSdx8XEbsaLl230sG0G1yWcOJc/47l/z3DIceqxf7u4QcWZFjr9BwPVn/0vQcAwx178wv7XB3sByic2s3oh6n6x7XB4fqGFPZG7QCyU9etlTt76NhoGewFHipAqoGoW2yPKEgw8QL9x7lMcrtXVLtw9UMP+bSZLuLUE/pAI3c60QkpquDKQ9CBaeJxeRL2O/qY9swmcagXybe0w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MVKQ3kwddCaYwCcWIKnmWLw53fyuoIgLMoKj4TTab3OivXReJxUqkjcZ2YQURO09GuDfS+j0cF2bdaTfUIpFh3pDjVSBuOJ+2ZbhYsI7a8URbd9UDWlb/Z2DuYKGbvE5u23qtfM7bTpTVUfqwEWBhkF5pMhfn+CfWR6YzrpYxY+IVT05dzlPGDUtwOIZoH4MdR7rauOftZbzxI1F5IDPVHNlD74UQnPKIy/TgOjI3+U4TICMA0czEIkrP0kkYgyQMAkSA9CN/qWhoL+J8oy4AOwYA4B6+4j0kRtUfMUWtyesSA0sDcpQznBodRy7H1N4CRPJw2oN45i5EbGMmKDT5g==
- Thread-topic: [Fed-Talk] MacOS X Catalina & CAC support
tokenD is dead. Disabling CTK is bad.
The experience is not as good as CTK. Keychain Prompts to use the smartcard has
resulted in so many calls of peoples' smartcards being locked due to the PIN
being entered incorrectly because they believed they needed their login
keychain password.
The core applications that still require tokenD(looking at you Outlook
specifically and Firefox) know they have to update to the newer frameworks that
have been there since 10.10 days.
On 10/8/19, 11:45 AM, "Fed-talk on behalf of Blumenthal, Uri - 0553 - MITLL
via Fed-talk" <fed-talk-bounces+robert.gendler=email@hidden on
behalf of email@hidden> wrote:
Also, I missed one question you asked. If completely disabling CTK brings
tokend back to life - then all the Mac-native apps will be able to use
smartcards via keychain access, in fact giving a better user experience than
what they have with CTK.
Again, let's hope Allen comments on this quickly.
On 10/8/19, 11:40 AM, "Fed-talk on behalf of Blumenthal, Uri - 0553 - MITLL
via Fed-talk" <fed-talk-bounces+uri=email@hidden on behalf of
email@hidden> wrote:
> I don't want to be seen as crapping on other projects, but is my
reading
> of Allen Golbig's email correct in that OpenSC doesn't work unless
you
> completely disable Apple's included Smartcard support (aka CTK)?
If that
> understanding is correct, then wouldn't that mean you also lose
support
> for Mac-native applications with CTK support?
I don't know, and am waiting for Allen to comment.
In the meanwhile, based on what other people commented/complained about
on the OpenSC list, it looks like it's the tokend part that's broken (both
OpenSC.tokend, and OpenSCToken that's the CTK-based replacement for it).
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden