On Jul 21, 2010, at 2:54 PM, Bram Cymet wrote:
Hi,
I hope this is the right list to send this to and if it is not please let me know where the right place would be.
I have successfully got PIV cards working for login and screensaver access under Snow Leopard. The problem I am having is that it seems to ignore the fact that Keychain Access sees the certs on the cards as being revoked.
Is it possible with the current Tokend/Smartcardservices to make it so that if a cert has been revoked that a person using that card is no longer able to log into the system? Or will I have to make some modifications to get this functionality working?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752

Bram,

This list is specifically for Tokend Development and your question is a User Question in the use of Smart Cards on a Mac OS X System. I will cc the User's list in my response, but keep in mind that this particular list is for those "developing" a Tokend.

You will need to explain which method you are using for Client Authentication:

• PubKeyHash - Does not require that the Certificate itself has not been revoked
• Attribute Matching - Leveraging attribute(s) from the cert on the card to determine which DS Account to Authenticate against
• PKINIT (SSO to DS) - Validates the cert / cert chain locally as well as authenticates to Kerberos KDC with that Certificate.

Which method are you using?

-Shawn

__________________________________________________
Shawn Geddis
geddis@mac.com
Security Consulting Engineer
geddis@apple.com
MacOSForge Project Lead: Smart Card Services
Web: http://smartcardservices.macosforge.org/
Lists: http://lists.macosforge.org/mailman/listinfo
__________________________________________________