Anyone integrated Smart Card Service logon with Open Directory? Been looking for some how-tos but no luck so far. I imagine it would be a matter of modifying the LDAP Authorization attributes, unless password server supports this, which I don't think it does.

__________________________
Michele (Mike) Hjorleifsson
ACSA/ACT, MCT/MCP, CCA/CCI
PH: 772-224-8913
FX: (888) 451-2879
On Sep 29, 2009, at 4:42 PM, Michele (Mike) Hjorleifsson wrote:
Anyone integrated Smart Card Service logon with Open Directory? Been looking for some how-tos but no luck so far. I imagine it would be a matter of modifying the LDAP Authorization attributes, unless password server supports this, which I don't think it does.
Mike,

There are two methods available today that were documented in an old Apple KBase article (which needs to be updated), but a third one is what most folks are looking for and it is coming in the future....

Available Today

Method 1: PubKeyHash
Designates Identity to be used for Challenge
- Adds a ;pubkeyhash; value to AuthenticationAuthority attribute

Method 2: Attribute Matching
Designates Attributes to be used for Lookup in DS for Match prior to Challenge
- Defined within the cacloginconfig.plist file for defined matching

Coming in the future from Apple but available from third-party products today

Method 3: PKINIT
Which gives you SSO to your DS from your Smart Card (X.509 Cert)

3rd-Party Products
"ADmitMac for CAC" Thursby Software Systems
"DirectControl" Centrify

__________________________________________________
Shawn Geddis geddis@mac.com
Security Consulting Engineer
MacOSForge Project Lead: Smart Card Services
Web: http://smartcardservices.macosforge.org/
Lists: http://lists.macosforge.org/mailman/listinfo
__________________________________________________
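An added example, not part of the thread or of Apple's tooling: a small audit of Method 1 bindings that reads each account's AuthenticationAuthority values and reports which accounts carry a ;pubkeyhash; entry, which entries are malformed, and which hash is bound to more than one account. It assumes values have the form `;tag;data` and that the hash is 40 hex digits; the records, names and hash are constructed.

```python
import re
from collections import defaultdict

# Assumption: the bound hash is written as 40 hex digits (SHA-1 length).
HEX_SHA1 = re.compile(r"^[0-9A-Fa-f]{40}$")

# Constructed sample data: user -> AuthenticationAuthority values.
H = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE = {
    "alice": [";ApplePasswordServer;placeholder", ";pubkeyhash;" + H],
    "bob":   [";pubkeyhash;" + H.lower()],
    "carol": [";pubkeyhash;not-a-hash"],
    "dave":  [";Kerberosv5;;dave@EXAMPLE.COM;EXAMPLE.COM;"],
}

def parse_authority(value):
    """Split one value of the assumed form ';tag;data' into (tag, data)."""
    parts = value.split(";", 2)
    if len(parts) < 3 or parts[0] != "":
        return None, value          # not in the expected shape
    return parts[1], parts[2]

def audit(records):
    """Report smart card bindings, malformed entries and shared hashes."""
    bound = defaultdict(list)       # user -> normalized hashes
    owners = defaultdict(set)       # hash -> users bound to it
    malformed = []
    for user, values in records.items():
        for value in values:
            tag, data = parse_authority(value)
            if tag is None or tag.lower() != "pubkeyhash":
                continue            # other authority types are out of scope
            digest = data.strip().rstrip(";")
            if not HEX_SHA1.match(digest):
                malformed.append((user, value))
                continue
            digest = digest.upper() # compare hashes case-insensitively
            bound[user].append(digest)
            owners[digest].add(user)
    # One card identity mapped to several accounts deserves a manual review.
    shared = {h: sorted(u) for h, u in owners.items() if len(u) > 1}
    no_card = sorted(u for u in records if u not in bound)
    return {"bound": dict(bound), "malformed": malformed,
            "shared": shared, "no_card": no_card}

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```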