<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><blockquote type="cite" style="orphans: auto; widows: auto;" class=""><span style="orphans: 2; widows: 2;" class="">On Jan 25, 2015, at 8:08 AM, Henrik Brautaset Aronsen &lt;<a href="mailto:henrik@synth.no" class="">henrik@synth.no</a>&gt; wrote:</span><br class=""></blockquote><blockquote type="cite" class="">On 24 Jan 2015, at 23:54, Shawn Geddis &lt;<a href="mailto:geddis@icloud.com" class="">geddis@icloud.com</a>&gt; wrote:<br class=""><blockquote type="cite" class=""><br class="">Your email messages are all referencing the support of hardware (NFC readers and the hardware of the smartcard recognition of the electronics of the smart card), but not the Applet on the card. <br class=""></blockquote><br class="">This is just a rewritable NFC tag with about 800 bytes of rewriteable memory [1]. It's not interfaced with a smartcard, so I guess an applet is not available in my case. <br class=""><br class=""><blockquote type="cite" class="">Once your particular smart card type is supported by an installed Tokend, then ALL services access and use the card as a dynamic keychain - via keychain services. No application or service needs to know it is a smart card and simply uses the standard keychain / Sec… APIs available on OS X. So yes, once you have a supporting Tokend, you could use sc_auth to assign a card to an account for login, but realize that is not the normal method for Smart Card Login on OS X. You are much better off using the standard of PKINIT which leverages both PKI and your Microsoft AD’s KDC. <br class=""></blockquote><br class="">I opted for the simple hash authentication mechanism, since it looked like the simplest way to achieve my goal. 
It would just require a field on my user's authentication_authority property containing the hash.<br class=""><br class=""><blockquote type="cite" class="">So, before any of us can help you further, we need to know and understand what Card Type (applet loaded on the card) you are using or want to use on your system.<br class=""></blockquote><br class="">I really appreciate all the help I'm receiving! But maybe logging into OSX with an NFC tag is not achievable?<br class=""><br class="">Henrik<br class=""><br class="">[1] <a href="http://www.nxp.com/documents/data_sheet/NTAG213_215_216.pdf" class="">http://www.nxp.com/documents/data_sheet/NTAG213_215_216.pdf</a><br class=""></blockquote><br class=""><div class=""><br class=""></div><div class="">Henrik,</div><div class=""><br class=""></div><div class=""><blockquote type="cite" class="">This is just a rewritable NFC tag with about 800 bytes of rewriteable memory [1]. It's not interfaced with a smartcard, so I guess an applet is not available in my case. </blockquote></div><div class=""><br class=""></div><div class="">A TokenD can be written to communicate with just about any type of device or technology. Sorry if I implied otherwise. My reference to Applet was because the vast majority of Smart Cards/Readers in use, particularly on OS X, are those used for PKI and are applet based. 
Any developer, however, can create a TokenD that communicates with any technology — an NFC tag, an HSM, a key fob, etc. </div><div class=""><br class=""></div><div class="">Looking at content from your original email message:</div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class=""><span style="font-family: Palatino-Roman; font-size: 12px;" class="">17/01/15 21:04:28,005 com.apple.SecurityServer[71]: reader ACS ACR122U: state changed 16 -> 34</span><br style="font-family: Palatino-Roman; font-size: 12px;" class=""><span style="font-family: Palatino-Roman; font-size: 12px;" class="">17/01/15 21:04:30,066 com.apple.SecurityServer[71]: token in reader ACS ACR122U cannot be used (error 229)</span><br style="font-family: Palatino-Roman; font-size: 12px;" class=""><span style="font-family: Palatino-Roman; font-size: 12px;" class="">17/01/15 21:04:33,567 com.apple.SecurityServer[71]: reader ACS ACR122U: state changed 32 -> 18</span><br style="font-family: Palatino-Roman; font-size: 12px;" class=""></div></blockquote><div class=""><br class=""></div><div class="">The second line shows that no currently installed TokenD responded to the SmartCardServices layer that it could recognize and communicate with the current token recognized after the event “token insertion” (card insertion) took place. If you develop a TokenD to respond with success after probing the Token, you would then have a TokenD which would remain loaded until the “token removal” (card removal) event was recognized. </div><div class=""><br class=""></div><div class="">If you are going to be doing the development yourself or you are helping someone else do the development, you might want to look at the source code in the repository for, say, “PIV” (for PIV.tokend) inside the tokend Xcode Project and start with the probe function to understand how the “score” determines which TokenD “wins” and remains loaded/communicating with the ‘token’. 
Please keep in mind the open source licensing requirements.</div><div class=""><br class=""></div><div class="">It is possible to do what you want *IF* you develop or have someone else develop the corresponding TokenD to support the devices (i.e. NXP NTAG) you wish to use.</div><div class=""><br class=""></div><div class="">Hope this helps to explain the environment better and give you guidance as to how to proceed.</div><div class=""><br class=""></div><div class=""><div apple-content-edited="true" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="font-family: Helvetica; orphans: 2; text-align: -webkit-auto; widows: 2; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="text-align: -webkit-auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="text-align: -webkit-auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="text-align: -webkit-auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="text-align: -webkit-auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;">- Shawn</span></div><div class=""><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;">_______________________________________________________________________<br class="">Shawn Geddis<span class="Apple-tab-span" style="white-space: pre;">                                </span> <span 
class="Apple-tab-span" style="white-space: pre;">                        </span> </span></div><div class=""><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><span style="font-family: Arial; orphans: auto; widows: auto; text-align: -webkit-auto;" class=""><b class="">Security and Certifications Engineer</b></span>, Apple (<a href="mailto:geddis@apple.com" class="">geddis@apple.com</a>)<br class=""><b class="">SCAP-On-Apple</b></span><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"> Project/Dev Lead:<span class="Apple-tab-span" style="white-space: pre;">                </span> (</span><a href="http://scap-on-apple.macosforge.org/" class="">SCAP-On-Apple.MacOSForge.Org</a>)</div><div class=""><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><b class="">SmartCardServices</b></span><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"> Project/Dev Lead: <span class="Apple-tab-span" style="white-space: pre;">                </span> (</span><a href="http://smartcardservices.macosforge.org/" class="">SmartCardServices.MacOSForge.Org</a>)</div><div class=""><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;">_______________________________________________________________________</span></div><div class=""><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><br class=""></span></div></div></div></div></div></div></div></div></div></div></div></body></html>