[SmartcardServices-Users] SuisseID on 10.8

Stephan Rickauer stephan at rickauer.com
Mon Jul 15 06:50:38 PDT 2013


Hello list,

I am trying to get local logon to work on 10.8 using the SuisseID 
smartcard [1] (not using anything fancy like a Domain, LDAP or whatnot, 
just plain local fun).

What I've done so far:
- created a dedicated user called 'sc'
- installed Smart Card Services (needed?)
- listed available hashes with sc_auth:

$ sc_auth hash | grep SwissSign
607BD6C553D5BB8D654AB94AFFBB7C5521D8FBD1 SwissSign_dataEnc
AA779E7AD6DBB45AFCA48C64F1118E115DFB5604 SwissSign_nonRep
B6EFD1C9C5DA0D4B70E18B580BD22757D53D79AA SwissSign_digSig
607BD6C553D5BB8D654AB94AFFBB7C5521D8FBD1 SwissSign_dataEnc

- and assigned the right one to user 'sc':

$ sc_auth list -u sc
B6EFD1C9C5DA0D4B70E18B580BD22757D53D79AA

- properly edited /etc/authorization according to [2]

When the logon screen appears and the SuisseID USB stick is plugged in, 
the screen switches to PIN entry mode. However, the PIN entered would 
not work (even though it is correct; keyboard mappings can be ruled out, 
too).

The system.log states:

Jul 15 14:06:09 macmini.local com.apple.SecurityServer[15]: Token reader ACS ACR 38U-CCID 00 00 inserted into system
Jul 15 14:06:14 macmini.local com.apple.SecurityServer[15]: token inserted into reader ACS ACR 38U-CCID 00 00
Jul 15 14:06:16 macmini.local com.apple.SecurityServer[15]: reader ACS ACR 38U-CCID 00 00 inserted token "SwissSignID" (SwissSignID-7bff2081ef0c1920) subservice 2 using driver com.cryptovision.scinterface.tokend
Jul 15 14:06:16 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:16 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:16 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:16 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:24 macmini.local SecurityAgent[113]: User info context values set for sc
Jul 15 14:06:24 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:24 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:24 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:24 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:31 macmini.local SecurityAgent[113]: User info context values set for sc
Jul 15 14:06:31 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:31 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:31 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:31 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:33 macmini.local SecurityAgent[113]: User info context values set for sc
Jul 15 14:06:33 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:33 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:33 macmini.local authorizationhost[112]: validate chain started
Jul 15 14:06:33 macmini.local authorizationhost[112]: validate chain completed with: 4
Jul 15 14:06:35 macmini.local com.apple.SecurityServer[15]: Token reader ACS ACR 38U-CCID 00 00 removed from system
[...]

[3] claims that status code 4 is a good sign, but that doesn't get me 
any further either. Could anyone point me in the right direction, please?

Thanks a lot!
Stephan


[1] http://postsuisseid.ch/de/documents/doc_download/43-suisseid-specification
[2] http://blog.inig-services.com/archives/1068
[3] https://discussions.apple.com/thread/3757421

