[SmartcardServices-Users] OpenDirectory
Shawn A. Geddis
geddis at apple.com
Tue Sep 29 13:54:06 PDT 2009
On Sep 29, 2009, at 4:42 PM, Michele (Mike) Hjorleifsson wrote:
> Anyone integrated Smart Card Service logon with Open Directory?
> Been looking for some how-tos but no luck so far.
> I imagine it would be a matter of modifying the LDAP Authorization
> attributes, unless password server supports this, which I don't think
> it does.
Mike,
There are two methods available today that were documented in an old
Apple KBase article (which needs to be updated), but a third one is
what most folks are looking for and it is coming in the future...

Available Today

  Method 1: PubKeyHash
    Designates Identity to be used for Challenge
    - Adds a ;pubkeyhash; value to AuthenticationAuthority attribute

  Method 2: Attribute Matching
    Designates Attributes to be used for Lookup in DS for Match prior to Challenge
    - Defined within the cacloginconfig.plist file for defined matching

Coming in the future from Apple but available from third-party products today

  Method 3: PKINIT
    Which gives you SSO to your DS from your Smart Card (X.509 Cert)

  3rd-Party Products
    "ADmitMac for CAC"   Thursby Software Systems
    "DirectControl"      Centrify

__________________________________________________
Shawn Geddis geddis at mac.com
Security Consulting Engineer
MacOSForge Project Lead: Smart Card Services
Web: http://smartcardservices.macosforge.org/
Lists: http://lists.macosforge.org/mailman/listinfo
__________________________________________________
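
Added example, not part of the original message and not Apple's code: a small audit of the Method 1 bindings described above, listing which accounts carry a ;pubkeyhash; value in AuthenticationAuthority and flagging malformed or shared hashes. The record layout passed in, the 40-hex-character hash format and all sample values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the data after ";pubkeyhash;" is a 40-hex-character digest.
HASH_RE = re.compile(r"^[0-9A-Fa-f]{40}$")

def parse_authority(value):
    """Split one AuthenticationAuthority value of the form ';tag;data'."""
    parts = value.split(";", 2)
    if len(parts) < 3 or parts[0] != "":
        return None
    return parts[1], parts[2]

def audit(records):
    """records: {username: [AuthenticationAuthority values]}.
    Returns (bindings, problems): hash -> set of users, and a findings list."""
    bindings = defaultdict(set)
    problems = []
    for user, values in records.items():
        for value in values:
            parsed = parse_authority(value)
            if parsed is None:
                problems.append((user, "unparseable value", value))
                continue
            tag, data = parsed
            if tag != "pubkeyhash":
                continue  # other authority types are out of scope here
            if not HASH_RE.match(data):
                problems.append((user, "malformed pubkeyhash", value))
                continue
            bindings[data.upper()].add(user)
    # One card identity answering the challenge for several accounts
    # deserves a manual review.
    for digest, users in bindings.items():
        if len(users) > 1:
            problems.append((",".join(sorted(users)),
                             "hash shared by several accounts", digest))
    return dict(bindings), problems

# Constructed sample records (not real directory data).
SAMPLE = {
    "alice": [";ShadowHash;", ";pubkeyhash;" + "A1" * 20],
    "bob": [";pubkeyhash;" + "a1" * 20],
    "carol": [";pubkeyhash;1234"],
    "dave": [";ShadowHash;"],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```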