[SmartcardServices-Users] [EXTERNAL] Re: Pkinit working on MacOSX 10.9.5 or 10.10?
Glenn Machin
gmachin at sandia.gov
Mon Aug 31 04:39:47 PDT 2015
I did try it. It seemed like all it did, is what the Macforge
smartcard services package does, along with installing the CA
certificates for DOD (and maybe others) CAC cards.
It was early on and I have a little better understanding now , so I will
try again.
We are also going to get the non-express version of Centrify to see if
that enables pkinit with PIV for login and screenlock, I will let this
email list know what I find.
Thanks for the response,
Glenn
On 8/31/15 2:04 AM, Yoann Gini wrote:
>> Le 29 août 2015 à 23:30, Glenn Machin <gmachin at sandia.gov> a écrit :
>>
>> The only way I can see a Kerberos AS_REQ using PKINIT is using the command line "kinit -C KEYCHAIN: ».
> Same behaviors here. I’m not able to use standard system in PKINIT system.
>
>> Has anyone got PKINIT working via OpenDirectory during login or via pam modules (pam_opendirectory or pam_krb5)?
>>
>> Shame I don't see Apple publishing documents describing how to enable pkinit given federal government requirements for use of smartcards.
>> Seems like its the users helping users, while Apple keeps quiet.
> The only advice I can tell is to use Centrify Express. It’s free, it works, and it will be quick for you.
>
> Best regards,
> Yoann Gini
>
More information about the SmartcardServices-Users
mailing list