• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support

  • Subject: Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
  • From: Jeff Haferman via Fed-talk <email@hidden>
  • Date: Thu, 10 Oct 2019 16:57:49 -0700
I read through this entire thread fairly thoroughly, but I still have
a question. "Everything" that I want to work for CAC under Catalina
seems to work with one exception (I am able to visit various
CAC-enabled websites, & I can sign PDF documents in Acrobat).
*However*,  signing / encrypting emails in Outlook 2016 (16.29 to be
exact) does not work. My CAC certificates appear in the Outlook ->
Preferences -> Accounts -> Advanced -> Security dialog, but signing
and encryption fail.

Is this expected until Microsoft issues a new release, or is there a
solution?  Previously I had used CACkey but my understanding is that I
should not be using anything other than the built-in ability on
Catalina.


On Tue, Oct 8, 2019 at 8:55 AM Golbig, Allen M. (GRC-V000)[Peerless
Technologies Corp.] via Fed-talk <email@hidden> wrote:
>
> And let's not forget the race conditions that occur if you have both
> installed. I hear complaints all the time from users who've had to hard
> reboot their systems because they got an encrypted email at the lock screen.
> Now that I only use CTK, I've not been locked out of my system a single time.
>
>
>
> On 10/8/19, 11:51 AM, "Fed-talk on behalf of Gendler, Bob (Fed) via
> Fed-talk" <fed-talk-bounces+allen.m.golbig=email@hidden on behalf
> of email@hidden> wrote:
>
>     tokenD is dead. Disabling CTK is bad.
>
>     The experience is not as good as CTK. Keychain Prompts to use the
> smartcard has resulted in so many calls of peoples' smartcards being locked
> due to the PIN being entered incorrectly because they believed they needed
> their login keychain password.
>
>     The core applications that still require tokenD(looking at you Outlook
> specifically and Firefox) know they have to update to the newer frameworks
> that have been there since 10.10 days.
>
>     On 10/8/19, 11:45 AM, "Fed-talk on behalf of Blumenthal, Uri - 0553 -
> MITLL via Fed-talk" <fed-talk-bounces+robert.gendler=email@hidden
> on behalf of email@hidden> wrote:
>
>         Also, I missed one question you asked. If completely disabling CTK
> brings tokend back to life - then all the Mac-native apps will be able to use
> smartcards via keychain access, in fact giving a better user experience than
> what they have with CTK.
>
>         Again, let's hope Allen comments on this quickly.
>
>         On 10/8/19, 11:40 AM, "Fed-talk on behalf of Blumenthal, Uri - 0553 -
> MITLL via Fed-talk" <fed-talk-bounces+uri=email@hidden on
> behalf of email@hidden> wrote:
>
>             >    I don't want to be seen as crapping on other projects, but
> is my reading
>             >    of Allen Golbig's email correct in that OpenSC doesn't work
> unless you
>             >    completely disable Apple's included Smartcard support (aka
> CTK)?  If that
>             >    understanding is correct, then wouldn't that mean you also
> lose support
>             >    for Mac-native applications with CTK support?
>
>             I don't know, and am waiting for Allen to comment.
>
>             In the meanwhile, based on what other people commented/complained
> about on the OpenSC list, it looks like it's the tokend part that's broken
> (both OpenSC.tokend, and OpenSCToken that's the CTK-based replacement for it).
>
>
>
>      _______________________________________________
>     Do not post admin requests to the list. They will be ignored.
>     Fed-talk mailing list      (email@hidden)
>     Help/Unsubscribe/Update your Subscription:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.apple.com_mailman_options_fed-2Dtalk_allen.m.golbig-2540nasa.gov&d=DwIGaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=l2VqJuFyBQM28R1VFAMwqiGaiuC1-20exr-8EOp82rk&m=7V8yfq9Y2iJ52MHDJ5y0hcrgmQYo27kiRpFoIpCLSuU&s=ZGfiPmZ-LL3HxxmfgYD9t4rj9ekYbnGInf1TOrVuL50&e=
>
>     This email sent to email@hidden
>
>
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
      • From: "Hardis, Jonathan E. Dr. \(Fed\) via Fed-talk" <email@hidden>
References: 
 >Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support (From: "Golbig, Allen M. \(GRC-V000\)\[Peerless Technologies Corp.\] via Fed-talk" <email@hidden>)

  • Prev by Date: Re: [Fed-Talk] how to deploy an iOS CSfC solution
  • Next by Date: Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
  • Previous by thread: Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
  • Next by thread: Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
  • Index(es):
    • Date
    • Thread