Hi John, Le 22 févr. 2013 à 16:47, John Daly <john.l.daly@navy.mil> a écrit :

I have an Open Directory setup and need to configure it so that users can log into their accounts using their smart card. So far, I've not been able to get this to work, and haven't been able to find a good set of instructions for doing so.

Shawn's answers indicate that it's possible and perhaps considered such an easy, obvious, task that it doesn't require directions, but I'm one of the RTFM kinda guys, so I'd like to find the manual so I can read it.

This kind of setup works fine. I write a tutorial on my blog (in french) here http://blog.inig-services.com/archives/1068 (you can use Google Translate if you want). What’s most interesting for you is my fixed version of sc_auth available here : http://blog.inig-services.com/wp-content/uploads/2012/04/sc_auth.zip It allow you to register key hash in the AuthenticationAuthority field for the requested user. You can use it like that : ./sc_auth accept -a diradmin -P -d /LDAPv3/office.inig-services.com -u yoanngini -k yoann@inig-services.com Where yoanngini is my username and yoann@inig-services.com is the identifier of my key hash (available with sc_auth hash). In fine, what you need it’s this result : dscl /LDAPv3/office.inig-services.com read /Users/yoanngini AuthenticationAuthority AuthenticationAuthority: ;ApplePasswordServer;0x5b4b4946b6ea9b2fd0000000600000006,1024 35 12345 root@office.inig-services.com:192.168.42.10;Kerberosv5;0x5b4b4946b6ea9b2fd0000000600000006,1024 35 12345 root@office.inig-services.com:192.168.42.10;pubkeyhash;8FC26FBDB681121596292A3D0A8AB9952EC1A4AC Ask if you need more details. Best regards, Yoann