<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Henrik,</div><div class=""><br class=""></div><div class="">Your email messages are all referencing the support of hardware (NFC readers and the hardware of the smartcard recognition of the electronics of the smart card), but not the Applet on the card. Support for communicating correctly with the Applet loaded onto a card is done by a corresponding TokenD. You do not select the card to use a particular TokenD, but rather you must have installed a TokenD that supports the Applet loaded on the card. There are many Applet specifications out there, so you need to know what your card is using and install the appropriate TokenD. Whether you access the card with a generic CCID USB-based smart card reader or a USB-NFC based reader is not the problem you are facing.</div><div class=""><br class=""></div><div class="">Once your particular smart card type is supported by an installed TokenD, then ALL services access and use the card as a dynamic keychain - via keychain services. No application or service needs to know it is a smart card and simply uses the standard keychain / Sec… APIs available on OS X. So yes, once you have a supporting TokenD, you could use sc_auth to assign a card to an account for login, but realize that is not the normal method for Smart Card Login on OS X. You are much better off using the standard of PKINIT which leverages both PKI and your Microsoft AD’s KDC. </div><div class=""><br class=""></div><div class="">So, before any of us can help you further, we need to know and understand what Card Type (applet loaded on the card) you are using or want to use on your system.</div><div class=""><br class=""></div><br class=""><div apple-content-edited="true" class="">
<div class=""><div class="">- Shawn</div><div class="">_______________________________________________________________________<br class="">Shawn Geddis</div><div class=""><b class="">Security and Certifications Engineer</b>, Apple (<a href="mailto:geddis@apple.com" class="">geddis@apple.com</a>)<br class=""><b class="">SCAP-On-Apple</b> Project/Dev Lead: (<a href="http://scap-on-apple.macosforge.org/" class="">SCAP-On-Apple.MacOSForge.Org</a>)</div><div class=""><b class="">SmartCardServices</b> Project/Dev Lead: (<a href="http://smartcardservices.macosforge.org/" class="">SmartCardServices.MacOSForge.Org</a>)</div><div class="">_______________________________________________________________________</div></div>
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Jan 24, 2015, at 4:53 AM, Henrik Brautaset Aronsen &lt;<a href="mailto:henrik@synth.no" class="">henrik@synth.no</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class="">
<div bgcolor="#FFFFFF" text="#000000" class="">Yoann Gini wrote:
<blockquote style="word-wrap: break-word;" cite="mid:47BDBC07-553A-4037-B241-210D59643286@gmail.com" type="cite" class="">
<div class=""><span class="">On 20 Jan 2015, at 20:51, Henrik Brautaset Aronsen
&lt;<a moz-do-not-send="true" href="mailto:henrik@synth.no" class="">henrik@synth.no</a>&gt;
wrote: <br class="">
</span><div class=""><blockquote type="cite" class=""><div class=""><div bgcolor="#FFFFFF" text="#000000" class=""><span class=""></span><span class="">The stock OSX version of pcsctest finds the reader just
fine:<br class="">
<br class="">
$ /usr/bin/pcsctest<br class="">
<br class="">
Testing SCardEstablishContext : Command successful.<br class="">
Testing SCardGetStatusChange <br class="">
Please insert a working reader : Command successful.<br class="">
Testing SCardListReaders : Command successful.<br class="">
Reader 01:
ACS ACR122U </span><br class="">
</div>
</div></blockquote><br class=""></div><div class="">If the built-in PC/SC detects
the reader, it’s a good start. It means it’s working on the reader side.</div><div class=""><br class=""></div><div class="">Now you need to look at your cards. Which NFC
chipset do you use? And with which TokenD module? <br class="">
</div></div>
</blockquote>
<br class="">
The reader says:<br class="">
<br class="">
$ /usr/bin/pcsctest<br class="">
...<br class="">
Reader 01: ACS ACR122U<br class="">
Waiting for card insertion : Command successful.<br class="">
Testing SCardConnect : Command successful.<br class="">
Testing SCardStatus : Command successful.<br class="">
Current Reader Name : ACS ACR122U<br class="">
Current Reader State : 0x54<br class="">
Current Reader Protocol : 0x0<br class="">
Current Reader ATR Size : 20 (0x14)<br class="">
Current Reader ATR Value : 3B xx xx xx<br class="">
<br class="">
The chipset is a 13.56MHz ISO14443A &amp; NFC Type 2 compliant
NTAG216 RFID chipset. I haven't selected any TokenD module, mostly
because I don't know how to. Any feedback on this is greatly
appreciated.<br class="">
<br class="">
<blockquote style="word-wrap: break-word;" cite="mid:47BDBC07-553A-4037-B241-210D59643286@gmail.com" type="cite" class="">
<div class=""><div class="">Don’t forget that SmartCards aren’t just storage
cards, you have a microprocessor and a small system on it to store your
keys and handle the secure communication.</div></div>
</blockquote>
<br class="">
I realize this. But according to <a class="moz-txt-link-freetext" href="http://support.apple.com/kb/TA24244">http://support.apple.com/kb/TA24244</a> it
seems that I can get away with storing a key on the NFC that is
accessible with "sc_auth hash". Does that sound reasonable?<br class="">
<br class="">
Cheers,<br class="">
Henrik<br class="">
</div>
_______________________________________________<br class="">SmartcardServices-Users mailing list<br class=""><a href="mailto:SmartcardServices-Users@lists.macosforge.org" class="">SmartcardServices-Users@lists.macosforge.org</a><br class="">https://lists.macosforge.org/mailman/listinfo/smartcardservices-users<br class=""></div></blockquote></div><br class=""></body></html>