[SmartcardServices-Users] Problems accessing Certificates on ActivKey

Shawn Geddis geddis at apple.com
Tue Apr 23 11:40:52 PDT 2013 

Alvaro,

Updates could be done to support all types of devices and profiles.  I just did not want to promise something that you needed in a timely manner.  You have options and if you are desperate and need this now, I can say it would not be a short turnaround.  We are always looking to added support for more, but time is not always on our side.

It all comes down to the need for the Tokend modules to be updated to support more compliant profiles.  I will be quick to acknowledge that the current Tokend modules are not fully compliant with the current/active specifications and hence there are situations like your where the Tokend recognizes the profile, but fails to properly populate the objects for use by the Keychain Services.  A need for updates rather than a regression, but I know that does not provide you any solace.

- Shawn
______________________________________________________
Shawn Geddis				  			          geddis at me.com
Enterprise Security Consulting Engineer, Apple     geddis at apple.com

MacOSForge: Smart Card Services  Project Lead:                                                                                 
	Web:	http://smartcardservices.macosforge.org/
	Lists:	http://lists.macosforge.org/mailman/listinfo
______________________________________________________

On Apr 23, 2013, at 2:32 PM, Alvaro <alvaro.picapau at gmail.com> wrote:

> Thanks Shawn,
> 
> You mentioned that you dont support ActivKey, but it was actually working great before my certificate expired and IT set a new one. The case is the similar as http://smartcardservices.macosforge.org/trac/ticket/90  (Where I posted a comment).
> 
> As I said, I had the same problem on linux with coolkey and solved it using a patched version to support multi slots.
> It seems like new ActiveClient software uses non standard slots to store certificates.
> 
> Any chance the CAC tokend can be updated to support this?
> 
> Thanks,
> A.
> 
> Un saludo,
> 
> Alvaro
> 
> 
> On Tue, Apr 23, 2013 at 6:14 PM, Shawn Geddis <geddis at apple.com> wrote:
> Alvaro,
> 
> As noted in previous message, you have several vendors who support Tokend on OS X...
>> In the meantime, take a quick look at the bottom of the Tokend Page of the Project Wiki for vendors providing support:  https://smartcardservices.macosforge.org/trac/wiki/tokend
> 
> 
> - Shawn
> ______________________________________________________
> Shawn Geddis				  			          geddis at me.com
> Enterprise Security Consulting Engineer, Apple     geddis at apple.com
> 
> MacOSForge: Smart Card Services  Project Lead:                                                                                 
> 	Web:	http://smartcardservices.macosforge.org/
> 	Lists:	http://lists.macosforge.org/mailman/listinfo
> ______________________________________________________
> 
> 
> On Apr 23, 2013, at 12:05 PM, Alvaro <alvaro.picapau at gmail.com> wrote:
> 
>> Thanks for the prompt response Shawn,
>> 
>> What are the free and commercial alternatives? I would like to try everything I can get my hands on.
>> 
>> Cheers,
>> A.
>> 
>> 
>> Un saludo,
>> 
>> Alvaro
>> 
>> 
>> On Tue, Apr 23, 2013 at 5:57 PM, Shawn Geddis <geddis at apple.com> wrote:
>> On Apr 23, 2013, at 10:25 AM, Alvaro <alvaro.picapau at gmail.com> wrote:
>>> Hi all,
>>> I have installed latest version of the Mountain Lion drivers and when I open the Keychain, all I can see is an empty keystore for the CAC device. There are no certificates listed.
>>> I had a similar problem on ubuntu last year when my employer updated my certificates and I solved it by installing a patched version of coolkey with support for multislot devices (https://bugzilla.redhat.com/show_bug.cgi?id=826286). 
>>> Do you know if the CAC tokend support this kind of configuration? Any idea what can be the problem and how to solve it?
>>> 
>>> I have a great new macbook pro that I cannot use for work due to this problem.
>> 
>> 
>> Alvaro,
>> 
>> I believe what you are facing, unfortunately, is that we do not currently have support for ActivKey.  That is unfortunate for you and others in the same situation, but you do currently have alternatives in potentially obtaining both free and purchasable support for these cards from the commercial and open source players right now without waiting.
>> 
>> You can always file a Ticket on this as well:  https://smartcardservices.macosforge.org/trac/newticket
>> 
>> In the meantime, take a quick look at the bottom of the Tokend Page of the Project Wiki for vendors providing support:  https://smartcardservices.macosforge.org/trac/wiki/tokend
> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20130423/2768a029/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4418 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20130423/2768a029/attachment.p7s>

More information about the SmartcardServices-Users mailing list