Re: [SmartcardServices-Users] macOS update \ Clear History in Safari
"Uri the Great",

That was excellent news, tested it and it works fine except for one issue. Used it to log in to an OWA site using my PKI token but Safari retains the cache and allows subsequent access without the PKI token. The only way I found to resolve the issue was to Clear History in Safari. An easy procedure but I cannot trust users to adhere to this procedure, and it would be considered a vulnerability.

I am not using PKI token to log into my system. The computer is locked down with a DISA STIG for ver 10.11. Had the same issue using Thursby PKard.

Do you (or anyone else) have a solution?

Thanks,
Patrick Krosbakken

-----Original Message-----
From: smartcardservices-users-bounces@lists.macosforge.org [mailto:smartcardservices-users-bounces@lists.macosforge.org] On Behalf Of Uri Blumenthal
Sent: Friday, October 14, 2016 20:09
To: Jasmine Hall
Cc: smartcardservices-users@lists.macosforge.org
Subject: [Non-DoD Source] Re: [SmartcardServices-Users] macOS update/unable to install smart card reader

On Oct 14, 2016, at 7:52 , Jasmine Hall <princessjazzyp@gmail.com> wrote:
My Mac just got an update to macOS Sierra. I’m trying to update everything I need in order to use the smart card reader but I can go no further because the latest on this website is for the macOS El Capitan. When will an updated version of the installer come out??

If all you need your smart card for is login, and your smartcard-requiring applications are Apple Mail and Safari (and nothing else) - then you don’t need any more software, and Sierra is better at supporting smart card login than El Capitan could possibly be. Except that for smart card login to work you must set “System Preferences -> Users -> Login options -> Display login window as” to “List users”. Setting it to “Name and password” will make smart card login impossible (Apple bug, tracked at Radars 28542438, 28572563).

If you need more, like using other browsers (Chrome and Firefox come to mind), MS Office (e.g., Outlook 2016), or Adobe Acrobat - then Sierra will break all of that for you. AFAIK, your only choice until Apple remedies this issue (tracked in Radars 27827716 and 28572661) is installing a different tokend (I usually recommend https://github.com/OpenSC/OpenSC.git and https://github.com/mouse07410/OpenSC.tokend.git). Then you’ll need to enable legacy smart card support via

    sudo security authorizationdb smartcard enable

and disable the new Sierra’s pivtoken via

    sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken

It might be possible to just install SmartCardServices for El Capitan (and they might work correctly) on Sierra - but my preferred way that I’ve tested both at work and at home was described above.

--
Uri the Great
uri@mit.edu