[SmartcardServices-Users] Centrify vs Smart Card Services tokend

Uri Blumenthal uri at mit.edu
Tue Mar 29 11:51:22 PDT 2016


On Mar 25, 2016, at 18:08, Hoit, Daniel S. <hoit2 at llnl.gov> wrote:
I think there is some difference, but I'm not sure how much.
I know when I got my yubikey working as a PIV card, it was only with the Centrify tokenD, or at least that's my recollection.
I'd like to find the time eventually to add some user feedback on the lock state of the card to the Apple PIV tokend. The calls are all stubbed out, but not fed back to the UI in any way from what I could tell.

I had difficulties with CAC, and terrible difficulties with Yubikey (all the tokend's). With the help of Klaus from Yubikey and Jim Thomas from Thursby we straightened out the Yubikey case (Yubikey added the necessary fields that it was lacking, and that was that).

After that I decided that I’d really like a tokend that I could (a) build myself from the source, and (b) fix if/when necessary. Out of all the tokend’s available, only OpenSC satisfied both of those requirements, but it was the most broken one of the bunch. With the help of Frank Morgner and Doug Engert, now OpenSC.tokend (a) builds on all the Mac OS X platforms I care for (Snow Leopard, Yosemite, El Capitan), (b) works with all the tokens I have including CAC and Yubikey (NEO and 4), (c) provides full support for RSA (signature and encryption), and ECDSA support for ECC (I’ve added ECDH support but cannot test it as there is no application software I know of that can support ECC-based email encryption). It’s been tested with Web as well (Firefox using OpenSC, and Chrome/Safari using OpenSC.tokend). It seems to deal with the lock state (mostly) correctly. Apple Mail is the least stable app wrt. this, but re-inserting the token and re-starting the Mail client remedies its hiccups.

So, ideally I’d like to be able to build SmartCardServices tokend, to have a backup. Practically, I don’t think I really care any more. OpenSC.tokend does the job, and there’s supported Thursby PKard.tokend (don’t know how well it supports ECC, but again - there’s no application to test it against).


On Mar 25, 2016, at 11:20 AM, "Jorgensen, Will A" <Will at pnnl.gov> wrote:

I’m curious if anyone has insight into how the Centrify tokend is different than the one that comes from the smart card services project. From what I can see, they appear to be identical. I’m wondering if they are just compiling and re-packaging the same code.

__________________________________________________
Will Jorgensen
IT Engineer
Communications & IT Directorate
Pacific Northwest National Laboratory
www.pnnl.gov

_______________________________________________
SmartcardServices-Users mailing list
SmartcardServices-Users at lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/smartcardservices-users

--
Uri the Great
uri at mit.edu