[SmartcardServices-Users] Possible Stupid question
yoann.gini at gmail.com
Fri Feb 22 08:37:39 PST 2013
On 22 Feb 2013, at 16:47, John Daly <john.l.daly at navy.mil> wrote:
> I have an Open Directory setup and need to configure it so that users can
> log into their accounts using their smart card. So far, I've not been able
> to get this to work, and haven't been able to find a good set of
> instructions for doing so.
> Shawn's answers indicate that it's possible and perhaps considered such an
> easy, obvious, task that it doesn't require directions, but I'm one of the
> RTFM kinda guys, so I'd like to find the manual so I can read it.
This kind of setup works fine. I wrote a tutorial on my blog (in French) here: http://blog.inig-services.com/archives/1068 (you can use Google Translate if you want).
What's most interesting for you is my fixed version of sc_auth, available here: http://blog.inig-services.com/wp-content/uploads/2012/04/sc_auth.zip
It allows you to register the key hash in the AuthenticationAuthority field for the requested user.
You can use it like this:
./sc_auth accept -a diradmin -P -d /LDAPv3/office.inig-services.com -u yoanngini -k yoann at inig-services.com
Where yoanngini is my username and yoann at inig-services.com is the identifier of my key hash (available with sc_auth hash).
In the end, what you need is this result:
dscl /LDAPv3/office.inig-services.com read /Users/yoanngini AuthenticationAuthority
;ApplePasswordServer;0x5b4b4946b6ea9b2fd0000000600000006,1024 35 12345 root at office.inig-services.com:192.168.42.10;Kerberosv5;0x5b4b4946b6ea9b2fd0000000600000006,1024 35 12345 root at office.inig-services.com:192.168.42.10;pubkeyhash;8FC26FBDB681121596292A3D0A8AB9952EC1A4AC
Ask if you need more details.
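
A check for the result shown above, as an added example that is not part of the original message or of sc_auth: it extracts the pubkeyhash entries from an AuthenticationAuthority value and compares them with the hash that was meant to be registered. The function names, the status words and the 40-hex-digit length rule are assumptions made for this example; the sample value is the one quoted in the message.

```shell
#!/bin/sh
# Constructed sample: the AuthenticationAuthority value quoted in the message.
SAMPLE_AUTHORITY=';ApplePasswordServer;0x5b4b4946b6ea9b2fd0000000600000006,1024 35 12345 root at office.inig-services.com:192.168.42.10;Kerberosv5;0x5b4b4946b6ea9b2fd0000000600000006,1024 35 12345 root at office.inig-services.com:192.168.42.10;pubkeyhash;8FC26FBDB681121596292A3D0A8AB9952EC1A4AC'

# Print each value that follows a ";pubkeyhash;" tag, one per line, uppercased.
list_pubkeyhashes() {
    printf '%s\n' "$1" |
        grep -o ';pubkeyhash;[^; ][^; ]*' |
        sed 's/^;pubkeyhash;//' |
        tr 'a-f' 'A-F'
}

# Print one status word for an AuthenticationAuthority value ($1) checked
# against the hash that was meant to be registered ($2):
#   ok         the expected hash is the only pubkeyhash entry
#   extra      the expected hash is present, plus entries nobody asked for
#   mismatch   pubkeyhash entries exist, but none is the expected hash
#   malformed  an entry is not 40 hex digits (assumed length, as in the sample)
#   missing    there is no pubkeyhash entry at all
# Exit status is 0 only for "ok".
audit_pubkeyhash() {
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    hashes=$(list_pubkeyhashes "$1")
    if [ -z "$hashes" ]; then echo missing; return 1; fi
    seen=0
    others=0
    for h in $hashes; do
        case $h in *[!0-9A-F]*) echo malformed; return 1 ;; esac
        if [ "${#h}" -ne 40 ]; then echo malformed; return 1; fi
        if [ "$h" = "$expected" ]; then
            seen=1
        else
            others=$((others + 1))
        fi
    done
    if [ "$seen" -eq 0 ]; then echo mismatch; return 1; fi
    if [ "$others" -gt 0 ]; then echo extra; return 1; fi
    echo ok
}
```

On a live system the first argument would be the output of the dscl read command shown in the message, and the second the value printed by sc_auth hash for the card.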