<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">On Nov 25, 2013, at 8:52 AM, Miller, Timothy J. <<a href="mailto:tmiller@mitre.org">tmiller@mitre.org</a>> wrote:<br><br><blockquote type="cite">CACs *are* PIVs (the have a PIV interface); PIV.tokend can drive both. The DoD Identity certificate is not available through the PIV interface, so if you need that certificate you'll have a problem with applications that need it (e.g., for MyPay/MyBenefits).<br><br>There is thrid party software that will manage both on OS X, but it's not appropriate to stump for a vendor here, so I'll leave you to your Googling. :)<br><br>-- T<br><br>________________________________________<br>From: <a href="mailto:smartcardservices-users-bounces@lists.macosforge.org">smartcardservices-users-bounces@lists.macosforge.org</a> [smartcardservices-users-<a href="mailto:bounces@lists.macosforge.org">bounces@lists.macosforge.org</a>] on behalf of Rogers, Ed [<a href="mailto:ed.rogers@lmco.com">ed.rogers@lmco.com</a>]<br>Sent: Wednesday, November 20, 2013 07:24<br>To: <a href="mailto:smartcardservices-users@lists.macosforge.org">smartcardservices-users@lists.macosforge.org</a><br>Subject: [SmartcardServices-Users] use multiple tokend<br><br>I need to use both a CAC and a company issued smart card (PIV). I’m using OS 10.9 and find that if I have both the CAC.tokend and the PIV.tokend installed, that only the first card used is supported and the next is not recognized. I end up having to remove one of the tokend for the other to work. Is there a tokend that supports both CAC and PIV or some way to allow both to be used such that the correct tokend is selected based on the card inserted?<br><br>R/ Ed Rogers<br>SWFTS SE&I Technical Director<br>LM Manassas<br>(703) 367-1620</blockquote><div><br></div><div>Tim,</div><div><br></div><div>After sending a response to Ed just now on his message, I saw and realized that you had provided a response on Nov 25, unfortunately, <b>with respect to Smart Card Services on OS X</b> your information is not correct.</div><div><br></div><div><b>With respect to the OS X Tokend modules</b> (originally included in OS X and now provided via the SmarCardServices Project):</div><div> </div><div><b>CAC</b> <span class="Apple-tab-span" style="white-space:pre"> </span>- Original Common Access Cards with a single CAC Applet</div><div><b>CACNG</b> <span class="Apple-tab-span" style="white-space:pre"> </span>- CACNG Cards with both CACv2 and PIV Applets (some refer to this as <b><span style="line-height: 16px;">Dual</span><span style="line-height: 16px;">-Persona</span></b><span style="color: rgb(68, 68, 68); font-family: arial, sans-serif; font-size: small; line-height: 16px; background-color: rgb(255, 255, 255);">)</span></div><div><b>PIV</b> <span class="Apple-tab-span" style="white-space:pre"> </span>- Cards with only the PIV Applet</div><div><br></div><div>Each one of these Card Profiles are supported by the corresponding Tokend modules provided:</div><div><span class="Apple-tab-span" style="white-space:pre"> </span><b>CAC.tokend</b>, <b>CACNG.tokend</b>, and <b>PIV.tokend</b></div><div><br></div><div>Cards recognized on OS X as having the CACNG profile will have objects from both Applets appear and be usable from one single Dynamic Keychain. Its default Keychain Name will begin with “CACNG-…..”</div><div><br></div><div>You can use and select ANY of the certificates from either the CACv2 or the PIV side of the CACNG Card at all times on OS X. If you or anyone who has an issued CACNG is having troubles with this, I would love to get more information on the actual/perceived failures.</div><div><br></div><br><div apple-content-edited="true">- Shawn<br>_____________________________________________________________________<br>Shawn Geddis<span class="Apple-tab-span" style="white-space:pre"> </span> <span class="Apple-tab-span" style="white-space:pre"> </span> <span style="orphans: 2; widows: 2;">geddis@{Mac | Me | iCloud}.com</span><br>Enterprise Security Consulting Engineer, Apple <a href="mailto:geddis@apple.com">geddis@apple.com</a><br><br>Smart Card Services Project/Dev Lead: <br><span class="Apple-tab-span" style="white-space:pre"> </span>Project Wiki:<span class="Apple-tab-span" style="white-space:pre"> </span> [<a href="http://SmartCardServices.MacOSFforge.Org">SmartCardServices.MacOSFforge.Org</a>]<br><span class="Apple-tab-span" style="white-space:pre"> </span>Mailing Lists:<span class="Apple-tab-span" style="white-space:pre"> </span> [Lists.MacOSForge.Org/mailman/listinfo]<br><span class="Apple-tab-span" style="white-space:pre"> </span>SCS Contact:<span class="Apple-tab-span" style="white-space:pre"> </span> [scs-cotact@macosforge.org]<br><span class="Apple-tab-span" style="white-space:pre"> </span>SCS Admin:<span class="Apple-tab-span" style="white-space:pre"> </span> [scs-admin@macosforge.org]<br>_____________________________________________________________________<br></div><br><br></body></html>