[SmartcardServices-Users] SmartCard Services Stopped Working

Shawn Geddis geddis at me.com
Thu Oct 18 08:34:05 PDT 2012


Randall,

When you say it is recognizing your CAC in the System.log I think you are referring to the Token identifier you see as "CAC-5FFF-7F00-69FF-00F0-0592".  What I fear is your issue is that the card you are using is not actually properly recognized by the Tokend.  Allow me to explain.  The identifier "5FFF-7F00-69FF-00F0-0592" *should* match the 20-digit alphanumeric identifier printed at the top of the back of your card.

If the two (printed identifier and Keychain Identifier) do not match, then there is an issue with the Tokend in use.  If that is the case, please submit a ticket [ http://smartcardservices.macosforge.org/trac/newticket ] with all of the relevant information from your system (i.e. system profiler) and information about your card (i.e. CAC, CACNG, PIV, PIV-I, Manufacturer Branding name).  Note on the wiki, blog and installer that the CACNG Tokend only supports the Gemalto TOPDLGX4 144 - ONLY at this time.  If you have the Oberthur ID One card, it may not work at this time.

-Shawn

On Oct 17, 2012, at 12:54 PM, "Randall P. Mora" <randall at avum.com> wrote:
> I am unable to use my Government CAC anymore with the Mac.  The CAC is recognized in the System.log but is not accessible in Mail.app or any browser.  The following is our log… notice that CAC-5FFF-7F00-62FF-00F0-B5D3 is being inserted and added to the keychain.  When I remove the card it is removed from the keychain and when I add it back it is inserted into the keychain.  But when I try and use the CAC with Mail or browsing a CAC required site the CAC doesn't work or initialize in the application.  See below, it looks like it is trying but getting the deny file-read-data.  Help please, I've been trying to get this working since I upgraded to 10.8.  I've installed the most recent update (i.e., Smart Card Services Update 2.0b2-ML-signed.pkg).
> 
> Oct 17 09:14:35 graphite.local com.apple.SecurityServer[15]: Token reader OmniKey CardMan 3121 00 00 removed from system
> Oct 17 09:14:35 graphite.local com.apple.SecurityServer[15]: reader OmniKey CardMan 3121 00 00 removed token "CAC-5FFF-7F00-62FF-00F0-B5D3" (CAC-5FFF-7F00-62FF-00F0-B5D3) subservice 31
> Oct 17 09:14:41 graphite.local com.apple.SecurityServer[15]: Token reader OmniKey CardMan 3121 00 00 inserted into system
> Oct 17 09:14:45 graphite.local com.apple.SecurityServer[15]: token inserted into reader OmniKey CardMan 3121 00 00
> Oct 17 09:14:45 graphite.local com.apple.SecurityServer[15]: reader OmniKey CardMan 3121 00 00 inserted token "CAC-5FFF-7F00-69FF-00F0-0592" (CAC-5FFF-7F00-69FF-00F0-0592) subservice 32 using driver com.apple.tokend.cac
> Oct 17 09:15:23 graphite.local com.apple.SecurityServer[15]: Session 100022 created
> Oct 17 09:15:23 graphite.local com.apple.security.XPCKeychainSandboxCheck[708]: Can't get dir or base (likely out of memory) for CAC-5FFF-7F00-69FF-00F0-0592
> Oct 17 09:16:53 graphite.local sandboxd[725] ([259]): WebProcess(259) deny file-read-data /Library/Preferences/com.apple.security-common.plist
> 
> 
> graphite:log rmora$ security list-keychains 
>     "CAC-5FFF-7F00-69FF-00F0-0592"
>     "/Users/rmora/Library/Keychains/login.keychain"
>     "/Users/rmora/Library/Keychains/Microsoft_Intermediate_Certificates"
>     "/Users/rmora/Library/Application Support/Adobe/AIR/ELS/com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1/PrivateEncryptedDatak"
>     "/System/Library/Keychains/SystemCACertificates.keychain"
> graphite:log rmora$ 
> 
> 
> when trying to bring up mail:
> Oct 17 09:33:38 graphite.local Mail[864]: Using V2 Layout
> Oct 17 09:33:38 graphite.local com.apple.SecurityServer[15]: Session 100027 created
> Oct 17 09:33:38 graphite.local com.apple.security.XPCKeychainSandboxCheck[866]: Can't get dir or base (likely out of memory) for CAC-5FFF-7F00-69FF-00F0-A581
> Oct 17 09:33:44 graphite.local Mail[864]: *** -[IADomainCache init]: IA domains cache is out of date.
> Oct 17 09:33:44 graphite.local SyncServer[868]: [0x7ff56940be40] |DataManager|Warning| Client com.apple.Mail sync alert tool path /System/Library/Frameworks/Message.framework/Resources/MailSync does not exist.
> 
> THUS the Mail.app will not initialize the ability to digitally sign my emails
> 
> then when bringing up Safari…
> Oct 17 09:34:47 graphite.local sandboxd[878] ([877]): WebProcess(877) deny file-read-data /Library/Preferences/com.apple.security-common.plist
> Oct 17 09:34:47 graphite kernel[0]: Sandbox: sandboxd(878) deny mach-lookup com.apple.coresymbolicationd
> 
> And can't access the customer's CAC-enabled site.
> 
> Software  OS X 10.8.2 (12C60)
> Hardware Overview:
> 
>   Model Name:	MacBook Pro
>   Model Identifier:	MacBookPro10,1
>   Processor Name:	Intel Core i7
>   Processor Speed:	2.6 GHz
>   Number of Processors:	1
>   Total Number of Cores:	4
>   L2 Cache (per Core):	256 KB
>   L3 Cache:	6 MB
>   Memory:	16 GB
>   Boot ROM Version:	MBP101.00EE.B02
>   SMC Version (system):	2.3f32
>   Serial Number (system):	C02HXBMSDKQ5
>   Hardware UUID:	0B42596B-3FA9-59DD-814E-AD141081775A

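Added example, not part of either message or of the SmartCard Services project: a small script for the comparison Shawn describes, pulling every CAC token identifier out of the SecurityServer log and checking each against the identifier printed on the card. The log lines are copied from the quoted log above; the function names are hypothetical, and the printed identifier passed in is whatever you read off the back of your own card.

```python
import re

# Lines copied from the log quoted in the message above.
SAMPLE_LOG = """\
Oct 17 09:14:35 graphite.local com.apple.SecurityServer[15]: reader OmniKey CardMan 3121 00 00 removed token "CAC-5FFF-7F00-62FF-00F0-B5D3" (CAC-5FFF-7F00-62FF-00F0-B5D3) subservice 31
Oct 17 09:14:45 graphite.local com.apple.SecurityServer[15]: reader OmniKey CardMan 3121 00 00 inserted token "CAC-5FFF-7F00-69FF-00F0-0592" (CAC-5FFF-7F00-69FF-00F0-0592) subservice 32 using driver com.apple.tokend.cac
Oct 17 09:15:23 graphite.local com.apple.security.XPCKeychainSandboxCheck[708]: Can't get dir or base (likely out of memory) for CAC-5FFF-7F00-69FF-00F0-0592
Oct 17 09:33:38 graphite.local com.apple.security.XPCKeychainSandboxCheck[866]: Can't get dir or base (likely out of memory) for CAC-5FFF-7F00-69FF-00F0-A581
"""

# Token name as logged: "CAC-" followed by five 4-character hex groups.
TOKEN_RE = re.compile(r"CAC-((?:[0-9A-Fa-f]{4}-){4}[0-9A-Fa-f]{4})")
# syslog prefix: "Oct 17 09:14:35 host process[pid]: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\s([^\[\s]+)\[\d+\]:\s(.*)$")

def normalize(identifier):
    """Drop separators and case so printed and logged forms compare equal."""
    return re.sub(r"[^0-9A-Za-z]", "", identifier).upper()

def token_sightings(log_text):
    """Return (timestamp, process, token_id) for each line naming a CAC token."""
    sightings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.lstrip("> ").strip())  # tolerate e-mail quoting
        if not m:
            continue
        # A line may repeat the same token name; count it once per line.
        for token_id in sorted({normalize(t) for t in TOKEN_RE.findall(m.group(3))}):
            sightings.append((m.group(1), m.group(2), token_id))
    return sightings

def check_against_card(log_text, printed_id):
    """Group sightings by token id and flag ids that differ from the card."""
    want = normalize(printed_id)
    if len(want) != 20:
        raise ValueError("printed identifier should be 20 alphanumeric characters")
    report = {}
    for ts, proc, token_id in token_sightings(log_text):
        entry = report.setdefault(
            token_id, {"matches_card": token_id == want, "seen": []})
        entry["seen"].append((ts, proc))
    return report

if __name__ == "__main__":
    # Constructed stand-in for the identifier printed on the card.
    for tid, info in check_against_card(SAMPLE_LOG, "5FFF-7F00-69FF-00F0-0592").items():
        print(tid, "MATCH" if info["matches_card"] else "MISMATCH", info["seen"])
```
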