[SmartcardServices-Users] Store key on NFC tag that is acceptable to sc_auth?

Henrik Brautaset Aronsen henrik at synth.no
Sun Jan 25 08:08:57 PST 2015


On 24 Jan 2015, at 23:54, Shawn Geddis <geddis at icloud.com> wrote:
> 
> Your email messages are all referencing the support of hardware (NFC readers and the hardware of the smartcard recognition of the electronics of the smart card), but not the Applet on the card.  

This is just a rewritable NFC tag with about 800 bytes of rewritable memory [1].  It's not interfaced with a smartcard, so I guess an applet is not available in my case.

> Once your particular smart card type is supported by an installed Tokend, then ALL services access and use the card as a dynamic keychain - via keychain services.  No application or service needs to know it is a smart card and simply uses the standard keychain / Sec… APIs available on OS X.  So yes, once you have a supporting Tokend, you could use sc_auth to assign a card to an account for login, but realize that is not the normal method for Smart Card Login on OS X.  You are much better off using the standard of PKINIT which leverages both PKI and your Microsoft AD’s KDC.

I opted for the simple hash authentication mechanism, since it looked like the simplest way to achieve my goal.  It would just require a field on my user's authentication_authority property containing the hash.

> So, before any of us can help you further, we need to know and understand what Card Type (applet loaded on the card) you are using or want to use on your system.

I really appreciate all the help I'm receiving!  But maybe logging into OSX with an NFC tag is not achievable?

Henrik

[1] http://www.nxp.com/documents/data_sheet/NTAG213_215_216.pdf


