[SmartcardServices-Users] use multiple tokend

Shawn Geddis geddis at icloud.com
Thu Jan 16 14:38:40 PST 2014


On Nov 20, 2013, at 8:24 PM, Rogers, Ed <ed.rogers at lmco.com> wrote:
> I need to use both a CAC and a company issued smart card (PIV).  I’m using OS 10.9 and find that if I have both the CAC.tokend and the PIV.tokend installed, that only the first card used is supported and the next is not recognized.  I end up having to remove one of the tokend for the other to work.  Is there a tokend that supports both CAC and PIV or some way to allow both to be used such that the correct tokend is selected based on the card inserted?
> 
> R/ Ed Rogers
> SWFTS SE&I Technical Director
> LM Manassas
> (703) 367-1620

Ed,

Looks like you never got a response to your above question from back on Nov 20…..

CAC, CACNG, and PIV are all separate Card Profiles where each would be support by the corresponding Tokend module.  There would not be a case where you should have to move / remove  a Tokend module to allow for another Tokend to be used. They are all independent and will each be used to probe and support the cards inserted in to each of your attached and supported readers.  

In your case, when you insert the first card (say your CAC), the CAC.tokend should remain and support comms to that card.  When you add a second reader / insert your second card the corresponding PIV.tokend would remain and support comms to that card.  If you look at the running processes via Terminal you should see both CAC and PIV in the list.

When you say:
>  that only the first card used is supported and the next is not recognized.

Can you explain further about what you mean when you say “note the first card used is supported” ?

If you are attempting to authenticate, say for accounts and system config changes (i.e. System Preferences) then yes the first Token is assumed to be your Primary Authentication token.  However, that is not the case for any other Service / Application on OS X - For example, HTTPS, S/MIME, EAP-TLS, etc.

If you explain more I can help further.

- Shawn
_____________________________________________________________________
Shawn Geddis				  			          geddis@{Mac | Me | iCloud}.com
Enterprise Security Consulting Engineer, Apple     geddis at apple.com

Smart Card Services  Project/Dev Lead:                                                                                 
				Project Wiki:		          [SmartCardServices.MacOSFforge.Org]
				Mailing Lists:		         [Lists.MacOSForge.Org/mailman/listinfo]
				SCS Contact:				           [scs-cotact at macosforge.org]
				SCS Admin:				           [scs-admin at macosforge.org]
_____________________________________________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20140116/d2b3b044/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4457 bytes
Desc: not available
URL: <https://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20140116/d2b3b044/attachment.p7s>


More information about the SmartcardServices-Users mailing list