[SmartcardServices-Users] SmartCard Services Stopped Working
Randall P. Mora
randall at avum.com
Wed Oct 17 09:54:33 PDT 2012
I am unable to use my Government CAC anymore with the Mac. The CAC is recognized in the System.log but is not accessible in Mail.app or any browser. The following is our log… notice that CAC-5FFF-7F00-62FF-00F0-B5D3 is being inserted and added to the keychain. When I remove the card it is removed from the keyhain and when I add it back it is inserted into the keychaing. But when I try and use the CAC with Mail or browsing a CAC required site the CAC doesn't work or initialize in the application. See below, it look like it is trying but getting the deny file-read-data. Help please, I've been trying to get this working since I upgraded to 10.8. I've installed the most recent update (i.e., Smart Card Services Update 2.0b2-ML-signed.pkg).
Oct 17 09:14:35 graphite.local com.apple.SecurityServer[15]: Token reader OmniKey CardMan 3121 00 00 removed from system
Oct 17 09:14:35 graphite.local com.apple.SecurityServer[15]: reader OmniKey CardMan 3121 00 00 removed token "CAC-5FFF-7F00-62FF-00F0-B5D3" (CAC-5FFF-7F00-62FF-00F0-B5D3) subservice 31
Oct 17 09:14:41 graphite.local com.apple.SecurityServer[15]: Token reader OmniKey CardMan 3121 00 00 inserted into system
Oct 17 09:14:45 graphite.local com.apple.SecurityServer[15]: token inserted into reader OmniKey CardMan 3121 00 00
Oct 17 09:14:45 graphite.local com.apple.SecurityServer[15]: reader OmniKey CardMan 3121 00 00 inserted token "CAC-5FFF-7F00-69FF-00F0-0592" (CAC-5FFF-7F00-69FF-00F0-0592) subservice 32 using driver com.apple.tokend.cac
Oct 17 09:15:23 graphite.local com.apple.SecurityServer[15]: Session 100022 created
Oct 17 09:15:23 graphite.local com.apple.security.XPCKeychainSandboxCheck[708]: Can't get dir or base (likely out of memory) for CAC-5FFF-7F00-69FF-00F0-0592
Oct 17 09:16:53 graphite.local sandboxd[725] ([259]): WebProcess(259) deny file-read-data /Library/Preferences/com.apple.security-common.plist
graphite:log rmora$ security list-keychains
"CAC-5FFF-7F00-69FF-00F0-0592"
"/Users/rmora/Library/Keychains/login.keychain"
"/Users/rmora/Library/Keychains/Microsoft_Intermediate_Certificates"
"/Users/rmora/Library/Application Support/Adobe/AIR/ELS/com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1/PrivateEncryptedDatak"
"/System/Library/Keychains/SystemCACertificates.keychain"
graphite:log rmora$
when trying to bring up mail:
Oct 17 09:33:38 graphite.local Mail[864]: Using V2 Layout
Oct 17 09:33:38 graphite.local com.apple.SecurityServer[15]: Session 100027 created
Oct 17 09:33:38 graphite.local com.apple.security.XPCKeychainSandboxCheck[866]: Can't get dir or base (likely out of memory) for CAC-5FFF-7F00-69FF-00F0-A581
Oct 17 09:33:44 graphite.local Mail[864]: *** -[IADomainCache init]: IA domains cache is out of date.
Oct 17 09:33:44 graphite.local SyncServer[868]: [0x7ff56940be40] |DataManager|Warning| Client com.apple.Mail sync alert tool path /System/Library/Frameworks/Message.framework/Resources/MailSync does not exist.
THUS the Mail.app will not initialize the ability to digitally sign my emails
then when bring up Safari…
Oct 17 09:34:47 graphite.local sandboxd[878] ([877]): WebProcess(877) deny file-read-data /Library/Preferences/com.apple.security-common.plist
Oct 17 09:34:47 graphite kernel[0]: Sandbox: sandboxd(878) deny mach-lookup com.apple.coresymbolicationd
And can't access the customers CAC enabled site.
Software OS X 10.8.2 (12C60)
Hardware Overview:
Model Name: MacBook Pro
Model Identifier: MacBookPro10,1
Processor Name: Intel Core i7
Processor Speed: 2.6 GHz
Number of Processors: 1
Total Number of Cores: 4
L2 Cache (per Core): 256 KB
L3 Cache: 6 MB
Memory: 16 GB
Boot ROM Version: MBP101.00EE.B02
SMC Version (system): 2.3f32
Serial Number (system): C02HXBMSDKQ5
Hardware UUID: 0B42596B-3FA9-59DD-814E-AD141081775A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20121017/48af3522/attachment-0001.html>
More information about the SmartcardServices-Users
mailing list