[SmartcardServices-Users] SuisseID on 10.8
Stephan Rickauer
stephan at rickauer.com
Mon Jul 15 06:50:38 PDT 2013
Hello list,
I am trying to get local logon to work on 10.8 using the SuisseID
smartcard [1] (not using anything fancy like a Domain, LDAP or whatnot,
just plain local fun).
What I've done so far:
- created a dedicated user called 'sc'
- installed Smart Card Services (needed?)
- listed available hashes with sc_auth:
$ sc_auth hash | grep SwissSign
607BD6C553D5BB8D654AB94AFFBB7C5521D8FBD1 SwissSign_dataEnc
AA779E7AD6DBB45AFCA48C64F1118E115DFB5604 SwissSign_nonRep
B6EFD1C9C5DA0D4B70E18B580BD22757D53D79AA SwissSign_digSig
607BD6C553D5BB8D654AB94AFFBB7C5521D8FBD1 SwissSign_dataEnc
- and assigned the right one to user 'sc':
$ sc_auth list -u sc
B6EFD1C9C5DA0D4B70E18B580BD22757D53D79AA
- properly edited /etc/authorization according to [2]
When the logon screen appears and the SuisseID USB stick is plugged in,
the screen switches to PIN entry mode. However, the PIN entered would
not work (even though it is correct, keyboard mappings can be ruled out,
too).
The system.log states:
Jul 15 14:06:09 macmini.local com.apple.SecurityServer[15]: Token reader ACS ACR 38U-CCID 00 00 inserted into system
Jul 15 14:06:14 macmini.local com.apple.SecurityServer[15]: token inserted into reader ACS ACR 38U-CCID 00 00
Jul 15 14:06:16 macmini.local com.apple.SecurityServer[15]: reader ACS ACR 38U-CCID 00 00 inserted token "SwissSignID" (SwissSignID-7bff2081ef0c1920) subservice 2 using driver com.cryptovision.scinterface.tokend
Jul 15 14:06:16 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:16 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:16 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:16 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:24 macmini.local SecurityAgent[113]: User info context values set for sc
Jul 15 14:06:24 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:24 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:24 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:24 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:31 macmini.local SecurityAgent[113]: User info context values set for sc
Jul 15 14:06:31 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:31 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:31 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:31 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:33 macmini.local SecurityAgent[113]: User info context values set for sc
Jul 15 14:06:33 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:33 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:33 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:33 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:35 macmini.local com.apple.SecurityServer[15]: Token reader ACS ACR 38U-CCID 00 00 removed from system
[...]
[3] claims that status code 4 is a good sign, but that doesn't get me
any further either. Could anyone point me in the right direction, please?
Thanks a lot!
Stephan
[1] http://postsuisseid.ch/de/documents/doc_download/43-suisseid-specification
[2] http://blog.inig-services.com/archives/1068
[3] https://discussions.apple.com/thread/3757421
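Added example, not part of the original post: a shell check that maps each hash bound to a local account (the `sc_auth list -u` output) back to the key label reported by `sc_auth hash`, run here on the output quoted in the post. The helper name `match_bound_hashes` and the status words `NOT-ON-TOKEN` and `NO-HASH-BOUND` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): verify that every public-key
# hash bound to a local account is actually present on the inserted token.

# Sample input copied from the post's `sc_auth hash | grep SwissSign` and
# `sc_auth list -u sc` output.
SAMPLE_TOKEN='607BD6C553D5BB8D654AB94AFFBB7C5521D8FBD1 SwissSign_dataEnc
AA779E7AD6DBB45AFCA48C64F1118E115DFB5604 SwissSign_nonRep
B6EFD1C9C5DA0D4B70E18B580BD22757D53D79AA SwissSign_digSig
607BD6C553D5BB8D654AB94AFFBB7C5521D8FBD1 SwissSign_dataEnc'
SAMPLE_USER='B6EFD1C9C5DA0D4B70E18B580BD22757D53D79AA'

# match_bound_hashes TOKEN_OUTPUT USER_OUTPUT   (hypothetical helper name)
# Prints "<hash> <key label>" or "<hash> NOT-ON-TOKEN" per bound hash.
# Returns 0 if all bound hashes are on the token, 1 if any is missing,
# 2 if the account has no hash bound at all.
match_bound_hashes() {
    mb_token=$1 mb_user=$2 mb_seen=0 mb_missing=0
    while read -r mb_hash mb_rest; do
        [ -n "$mb_hash" ] || continue
        mb_seen=1
        # First matching line wins; duplicates in the listing are harmless.
        mb_label=$(printf '%s\n' "$mb_token" | awk -v h="$mb_hash" '
            toupper($1) == toupper(h) { sub(/^[^ ]+ +/, ""); print; exit }')
        if [ -n "$mb_label" ]; then
            printf '%s %s\n' "$mb_hash" "$mb_label"
        else
            printf '%s NOT-ON-TOKEN\n' "$mb_hash"
            mb_missing=1
        fi
    done <<EOF
$mb_user
EOF
    [ "$mb_seen" -eq 1 ] || { echo "NO-HASH-BOUND"; return 2; }
    return "$mb_missing"
}

# On the Mac itself: match_bound_hashes "$(sc_auth hash)" "$(sc_auth list -u sc)"
match_bound_hashes "$SAMPLE_TOKEN" "$SAMPLE_USER"
```

A non-zero return separates a binding problem (wrong or missing hash) from a failure later in the logon chain.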