[SmartcardServices-Users] Smartcard support from third party dylib

Shawn A. Geddis geddis at mac.com
Tue Sep 28 09:56:20 PDT 2010 

Lorenzo,

A few points to note as to why you would be having problems....

> Hi all,
> I'm a system admin from Italy, I'm trying to make a smartcard working for login.

Apple's built-in support for Smart Card Login requires a card be supported via Tokend and is not supported using PKCS#11.  

> The vendor provided us with a precompiled dylib. I'm able to use the smartcard with firefox by adding a new security device and passing the dylib as the provider.

If this is working for you, this means that this "dylib" is providing a PKCS#11 Library service and is not a Tokend -- See note above.

> Same thing with openvpn. I have searched how to add a custom provider to smartcardservices to make it use the dylib but I haven't found anything useful.

What the vendor has provided you is a single solution that only works with PKCS#11 based applications (Firefox, Acrobat, etc.).  If you want to use their Smart Card an software, they would need to develop and release a Tokend version for Mac OS X. 


> Could you please give me some tips about this problem?
> The secure.log shows those messages when the card is inserted:
> 
> Sep 28 12:59:12 gollum com.apple.SecurityServer[22]: Token reader SCM SCR 355 00 00 inserted into system
> Sep 28 12:59:14 gollum com.apple.SecurityServer[22]: token in reader SCM SCR 355 00 00 cannot be used (error 229)

First line shows that you inserted the SCM Reader...
Second line indicates that one of the Tokend modules thought it could handle the applet on the card you are using and failed during the parsing of the data.

What Smart Card / Applet / Profile are you attempting to use ?

-Shawn


__________________________________________________
Shawn Geddis				  			   geddis at mac.com
Security Consulting Engineer				   geddis at apple.com

MacOSForge Project Lead:                           Smart Card Services                                                                 
	Web:	http://smartcardservices.macosforge.org/
	Lists:	http://lists.macosforge.org/mailman/listinfo
__________________________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100928/b826f354/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3859 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100928/b826f354/attachment.bin>

More information about the SmartcardServices-Users mailing list