[SmartcardServices-Users] OS X 10.9 Smart Card Logon But No PKINIT
Brown, Alexander [USA]
Brown_Alexander2 at bah.com
Fri May 16 12:08:23 PDT 2014
I have smart card logon working with Mac OS X 10.9 to a Windows Active Directory domain by using cacloginconfig.plist and mapping based on the NT Principal Name. So this is working OK, but when I took a look at the traffic between the Mac and the Windows domain, I noticed there wasn't any Kerberos traffic and PKINIT isn't being used. Does anyone have PKINIT working with OS X 10.9, and if so, can you share some steps on how that is configured? When I have my smart card in and run "kinit -C KEYCHAIN: -D KEYCHAIN: --windows --pk-enterprise" I get the error "kinit: krb5_pk_enterprise_certs: Failed to find PKINIT certificate: Certificate not found". The smart card I am using for this is the DoD CAC.
Also, one other question: does anyone know if any certificate revocation checking takes place on the Mac during smart card logon?
Booz | Allen | Hamilton
brown_alexander2 at bah.com