On Mar 25, 2016, at 18:08 , Hoit, Daniel S. <hoit2@llnl.gov<mailto:hoit2@llnl.gov>> wrote: I think there is some difference, but I'm not sure how much. I know when I got my yubikey working as a PIV card, it was only with the Centrify tokenD, or at least thats my recollection. I'd like to find the time eventually to add some user feedback on the lock state of the card to the Apple PIV tokend. The calls are all stubbed out, but not fedback to the UI in any way from what I could tell. I had difficulties with CAC, and terrible difficulties with Yubikey (all the tokend's). With the help of Klaus from Yubikey and Jim Thomas from Thursby we straightened out the Yubikey case (Yubikey added the necessary fields that it was lacking, and that was that). After that I decided that I’d really like a tokend that I could (a) build myself from the source, and (b) fix if/when necessary. Out of all the tokend’s available, only OpenSC satisfied both of those requirements, but it was the most broken one of the bunch. With the help of Frank Morgner and Doug Engert, now OpenSC.tokend (a) builds on all the Mac OS X platforms I care for (Snow Leopard, Yosemite, El Capitan), (b) works with all the tokens I have including CAC and Yubikey (NEO and 4), (c) provides full support for RSA (signature and encryption), and ECDSA support for ECC (I’ve added ECDH support but cannot test it as there is no application software I know of that can support ECC-based email encryption). It’s been tested with Web as well (Firefox using OpenSC, and Chrome/Safari using OpenSC.tokend). It seems to deal with the lock state (mostly) correctly. Apple Mail is the least stable app wrt. this, but re-inserting the token and re-starting the Mail client remedies its hiccups. So, ideally I’d like to be able to build SmartCardServices tokend, to have a backup. Practically, I don’t think I really care any more. OpenSC.tokend does the job, and there’s supported Thursby PKard.tokend (don’t know how well it supports ECC, but again - there’s no application to test it against). On Mar 25, 2016, at 11:20 AM, "Jorgensen, Will A" <Will@pnnl.gov<mailto:Will@pnnl.gov>> wrote: I’m curious if anyone has insight into how the Centrify tokend is different then the one that comes from the smart card services project. From what I can see, they appear to be identical. I’m wondering if they are just compiling and re-packaging the same code. __________________________________________________ Will Jorgensen IT Engineer Communications & IT Directorate Pacific Northwest National Laboratory www.pnnl.gov<mailto:Jeff.Evans@pnnl.gov> _______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org<mailto:SmartcardServices-Users@lists.macosforge.org> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users _______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org<mailto:SmartcardServices-Users@lists.macosforge.org> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users -- Uri the Great uri@mit.edu<mailto:uri@mit.edu>