[SmartcardServices-Users] Possible Stupid question

Yoann Gini yoann.gini at gmail.com
Fri Feb 22 08:37:39 PST 2013

Hi John,

Le 22 févr. 2013 à 16:47, John Daly <john.l.daly at navy.mil> a écrit :

> I have an Open Directory setup and need to configure it so that users can
> log into their accounts using their smart card.  So far, I've not been able
> to get this to work, and haven't been able to find a good set of
> instructions for doing so.
> Shawn's answers indicate that it's possible and perhaps considered such an
> easy, obvious, task that it doesn't require directions, but I'm one of the
> RTFM kinda guys, so I'd like to find the manual so I can read it.

This kind of setup works fine. I write a tutorial on my blog (in french) here http://blog.inig-services.com/archives/1068 (you can use Google Translate if you want).

What’s most interesting for you is my fixed version of sc_auth available here : http://blog.inig-services.com/wp-content/uploads/2012/04/sc_auth.zip

It allow you to register key hash in the AuthenticationAuthority field for the requested user.

You can use it like that :
./sc_auth accept -a diradmin -P -d /LDAPv3/office.inig-services.com -u yoanngini -k yoann at inig-services.com

Where yoanngini is my username and yoann at inig-services.com is the identifier of my key hash (available with sc_auth hash).

In fine, what you need it’s this result :
dscl /LDAPv3/office.inig-services.com read /Users/yoanngini AuthenticationAuthority
 ;ApplePasswordServer;0x5b4b4946b6ea9b2fd0000000600000006,1024 35 12345 root at office.inig-services.com:;Kerberosv5;0x5b4b4946b6ea9b2fd0000000600000006,1024 35 12345 root at office.inig-services.com:;pubkeyhash;8FC26FBDB681121596292A3D0A8AB9952EC1A4AC

Ask if you need more details.

Best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4802 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20130222/b9e5d4ce/attachment-0001.p7s>

More information about the SmartcardServices-Users mailing list