[SmartcardServices-Users] CAC Login without Internet connection

[Michael Kluskens]

OS X's caching of the CRL list information is too short.  Is is possible to change the cache timeout?

Background:

CAC login using SmartCardServices, edited /etc/authorization, added DoD certificates to System keychain.

CAC login requires an active Internet connection in order to check the CRL lists.

Problem is that we can't login into our computer when they are not connected to the Internet.  If someone takes a laptop to a meeting they can't use their laptop since we rarely have Internet at meetings.  Same problem for work at home and on travel.  Unless the network connection is known and set up before they leave the office they can't use their computer.  If the computer returns to work with the "wrong" network configuration selected they will not be able to log in.

If I CAC login to my computer, remove it from the Internet for "too long" I can't unlock the screen saver and the machine required a hard power off to recover.

Michael