Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
- Subject: Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
- From: "Golbig, Allen M. \(GRC-V000\)\[Peerless Technologies Corp.\] via Fed-talk" <email@hidden>
- Date: Tue, 8 Oct 2019 15:55:19 +0000
- Thread-topic: [EXTERNAL] Re: [Fed-Talk] MacOS X Catalina & CAC support
And let's not forget the race conditions that occur if you have both installed.
I hear complaints all the time from users who've had to hard reboot their
systems because they got an encrypted email at the lock screen. Now that I only
use CTK, I've not been locked out of my system a single time.

On 10/8/19, 11:51 AM, "Fed-talk on behalf of Gendler, Bob (Fed) via Fed-talk"
<fed-talk-bounces+allen.m.golbig=email@hidden on behalf of email@hidden> wrote:

tokenD is dead. Disabling CTK is bad.

The experience is not as good as CTK. Keychain Prompts to use the smartcard
have resulted in so many calls of people's smartcards being locked due to the
PIN being entered incorrectly because they believed they needed their login
keychain password.

The core applications that still require tokenD (looking at you Outlook
specifically and Firefox) know they have to update to the newer frameworks that
have been there since 10.10 days.

On 10/8/19, 11:45 AM, "Fed-talk on behalf of Blumenthal, Uri - 0553 - MITLL
via Fed-talk" <fed-talk-bounces+robert.gendler=email@hidden on behalf of
email@hidden> wrote:

Also, I missed one question you asked. If completely disabling CTK brings
tokend back to life - then all the Mac-native apps will be able to use
smartcards via keychain access, in fact giving a better user experience than
what they have with CTK.

Again, let's hope Allen comments on this quickly.

On 10/8/19, 11:40 AM, "Fed-talk on behalf of Blumenthal, Uri - 0553 - MITLL
via Fed-talk" <fed-talk-bounces+uri=email@hidden on behalf of email@hidden>
wrote:

> I don't want to be seen as crapping on other projects, but is my reading
> of Allen Golbig's email correct in that OpenSC doesn't work unless you
> completely disable Apple's included Smartcard support (aka CTK)? If that
> understanding is correct, then wouldn't that mean you also lose support
> for Mac-native applications with CTK support?

I don't know, and am waiting for Allen to comment.

In the meanwhile, based on what other people commented/complained about on
the OpenSC list, it looks like it's the tokend part that's broken (both
OpenSC.tokend, and OpenSCToken that's the CTK-based replacement for it).

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.apple.com_mailman_options_fed-2Dtalk_allen.m.golbig-2540nasa.gov&d=DwIGaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=l2VqJuFyBQM28R1VFAMwqiGaiuC1-20exr-8EOp82rk&m=7V8yfq9Y2iJ52MHDJ5y0hcrgmQYo27kiRpFoIpCLSuU&s=ZGfiPmZ-LL3HxxmfgYD9t4rj9ekYbnGInf1TOrVuL50&e=
This email sent to email@hidden