[SmartcardServices-Users] Process behind /etc/cacloginconfig.plist

Daly, John CIV NAVAIR, 4L6200D john.l.daly at navy.mil
Fri Nov 15 06:47:22 PST 2013 

HI Yoann.
Thanks to your blogs, I've been able to get smart card authentication working with Open Directory, but never using cacloginconfig.plist.
I can marry an attribute in the user account to an attribute in the card in cacloginconfig.plist, but it still fails to log in on OpenDirectory.
kerberos has likewise never worked, either with the pubkeyhash configuration or the cacloginconfig.plist.
rumor has it that if the PKI-INIT worked, then kerberos would also work with cacloginconfig.plist, but it sounds like that might not be the case, since supposedly Active Directory is PKI-INIT capable, where apple's OpenDirectory is not.

If you get it working, I'd love to see the blog on it.

thanks
John



Message: 2
Date: Thu, 14 Nov 2013 22:51:55 +0100
From: Yoann Gini <yoann.gini at gmail.com>
To: SmartCard Services-Users
        <smartcardservices-users at lists.macosforge.org>
Subject: Re: [SmartcardServices-Users] Process behind
        /etc/cacloginconfig.plist       for Windows authentication ?
Message-ID: <C56B42ED-6E51-45F1-B83D-855328A9555F at gmail.com>
Content-Type: text/plain; charset="windows-1252"

Hi all,

First of all, I?m sorry for the noise, after re reading my whole config and my command line history I?ve see my error. On my SmartCard I?ve made a mistake when loading the certificate. I?ve used the wrong PIN ID to protect the private key.

So, my authentication is now working.

However, like Henry pointing out, the may have some difference between opening a session and getting a TGT?

And actually (on a 10.9), the Kerberos didn?t get the TGT from the login. Klist ask me for a password.

Does someone did successfully enable PKINIT/Kerberos things ?

Thanks for your interest, of course, if I end up with a working config, I will write a blog article :-)

Yoann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4806 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20131114/efe8c8ac/attachment-0001.p7s>

------------------------------

More information about the SmartcardServices-Users mailing list