Re: [Fed-Talk] MacOS X Catalina & CAC support
Re: [Fed-Talk] MacOS X Catalina & CAC support
- Subject: Re: [Fed-Talk] MacOS X Catalina & CAC support
- From: Ken Hornstein via Fed-talk <email@hidden>
- Date: Tue, 08 Oct 2019 13:24:24 -0400
>Also, I missed one question you asked. If completely disabling CTK
>brings tokend back to life - then all the Mac-native apps will be able
>to use smartcards via keychain access, in fact giving a better user
>experience than what they have with CTK.
I cannot claim to understand everything about the Security framework,
but I do not believe that "new API" applications will be able to access
smartcards that are only available via tokend. In my experience when
you call SecItemCopyMatching() and say you want identities that are on
a smartcard you don't see tokend-presented identities. So if Mac-native
apps have migrated completely to SecItemCopyMatching() then they probably
won't work when you are using tokend.
Chrome calls both the old and new Security framework APIs explicitly
for this reason, that's why it's one of the few applications that work
with native smartcard support and a tokend.
--Ken
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden