Inline<br><br>On Monday, March 2, 2015, Blumenthal, Uri - 0558 - MITLL <<a href="mailto:uri@ll.mit.edu">uri@ll.mit.edu</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<font style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Ridley, that's very encouraging, thanks!<br>
<br>
I built and installed OpenSC myself, but I don't recall installing (or even retrieving) OpenSC.tokend. I have installed SmartCardServices for 10.9 from MacOSforge, and my system seems to be running pcscd that came with it (?). I'm not sure I removed CACKey.
I will retrieve and either build or install binary OpenSC.tokend. <br>
<br>
Now some naïve questions, as I browsed the OpenSC.tokend github, but did not find/figure out some important things</font></div><div></div></blockquote><div> </div><div>I should mention I am not affiliated with that code project, just something I've tried for talking to the NEO. It appears quite functional but i noticed a general <span></span>warning about stability.</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><font style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
Do I need to remove anything in order for it to run correctly?</font> </div></blockquote><div><br></div><div>Shouldn't need to remove anything. There is some sort of dark art to which tokend is used when there are multiple tokend(s) for the same card type. Really depends on the installers and if they remove any previously installed tokend. Sometimes it seems to be the last tokend installed or the first one the system has registered for that applet type - I'm actually not completely sure. Mostly I have tried to avoid that situation and only have one compatible tokend per applet type to be used. Sometimes it takes manual grooming of the /System/Library/Security/tokend folder if you have multiple compatible tokends for that type. Usually just backing up the tokends in there and removing or restoring if needed will get the job done if just testing. If the tokend is not there it will not be leveraged. [keep in mind they are directories not files]</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><font style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> How to I get it running (preferably at system startup, at user login at worst)?</font></div></blockquote><div> </div><div>Do you mean FV2? No hooks in FV2 as far as I know.</div><div><br></div><div>I think some third party full disk encryption products have at one time supported tokens but those are their own mini firmware OS, completely independent.</div><div><br></div>For at desktop login, there are several methods. The OS X Forge site has some instructions, I defer to them. Depends on what authentication criteria need to be satisfied and what type of environment. There are some standalone cacloginconfig configs that go way back many versions but I can't vouch for how well they currently work. If using PKINIT I think there are some nuances / limitations to UPN mapping and directory environment. There are also third party products in that solution space.<br><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><font style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Do I need to do anything to make other services and applications aware of it?</font></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><font style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">For example, the rest of OpenSC tools,
yubico-piv-too and other Yubico personalization software, GPG2 (I also use OpenPGP applet :), OS X tools such as Keychain and Apple Mail, Safari?</font></div><div><font style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><br></font></div><div></div></blockquote><div><font><span style="background-color:rgba(255,255,255,0)">Once the container is a keychain item, it is just leveraged through that native framework like other keychain items for applications like - Mail, Safari, Outlook, Chrome, Etc. Other apps that talk directly to the firmware or via PKCS11 are independent of the tokend/keychain. Only exception to that I know of is the PKCS11 shim that was last in 10.7 - it was a PKCS11 interface for the PIV tokend - but the shim is longer distributed via OS X forge.</span></font></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><font style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
<br>
Finally, this OpenSC.tokend will work with CAC as well, correct? (It would be a shame to lose the ability to use CAC.)</font></div><div></div></blockquote><div><br></div><div>Not sure. Might depend what kind of card, which vintage and applet configuration.</div><div><br></div><div>For CAC I would just recommend using the CAC or CAC-NG provided in the smartcard services installer if that works. There are some third party products from Thursby, HID, and Centrify if full paid support is needed.</div><div><br></div><div>If your using a CAC with PIV applet, that might force the need to have one tokend that supports all PIV applets being used, if multiple PIV types. </div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><font style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
Thank you, and please pardon my ignorance.</font></div><div><font style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><br><br>
-- <br>
Regards, <br>
Uri Blumenthal Voice: (781) 981-1638 <br>
Cyber Systems and Technology Fax: (781) 981-0186 <br>
MIT Lincoln Laboratory Cell: (339) 223-5363 <br>
244 Wood Street, Lexington, MA 02420-9185 <br>
<br>
Web: <a href="http://www.ll.mit.edu/CST/" target="_blank">http://www.ll.mit.edu/CST/</a> <br>
MIT LL Root CA: <<a href="https://www.ll.mit.edu/labcertificateauthority.html" target="_blank">https://www.ll.mit.edu/labcertificateauthority.html</a>></font></div></blockquote><div><br></div><div>No problem. Hope somebody else can jump in and answer better your Auth setup questions. </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div> </div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div> </div></blockquote><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div> </div></blockquote><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><br>
<br>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<font style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><b>From</b>: Ridley DiSiena [mailto:<a href="javascript:_e(%7B%7D,'cvml','rdisiena@gmail.com');" target="_blank">rdisiena@gmail.com</a>]
<br>
<b>Sent</b>: Monday, March 02, 2015 09:07 PM<br>
<b>To</b>: Blumenthal, Uri - 0558 - MITLL <br>
<b>Cc</b>: Henry B (Hank) Hotz, CISSP <<a href="javascript:_e(%7B%7D,'cvml','hotz@2ndquadrant.com');" target="_blank">hotz@2ndquadrant.com</a>>; <a href="javascript:_e(%7B%7D,'cvml','smartcardservices-users@lists.macosforge.org');" target="_blank">smartcardservices-users@lists.macosforge.org</a> <<a href="javascript:_e(%7B%7D,'cvml','smartcardservices-users@lists.macosforge.org');" target="_blank">smartcardservices-users@lists.macosforge.org</a>>; Thomas Westfeld <<a href="javascript:_e(%7B%7D,'cvml','westfeld@mac.com');" target="_blank">westfeld@mac.com</a>>
<br>
<b>Subject</b>: Re: [SmartcardServices-Users] Cannot use my Yubikey Neo <br>
</font> <br>
</div>
<div dir="ltr">
<div>
<div>I also can confirm that using the OS X Forge PIV tokend it does show the NEO PIV applet as a keychain. I tried in CCID mode and CCID with other modes enabled, doesn't make a difference.<br>
</div>
<div><br>
</div>
<div>There is an open source OpenSC tokend project - <a href="https://github.com/OpenSC/OpenSC.tokend" target="_blank">
https://github.com/OpenSC/OpenSC.tokend</a></div>
<div>I have a NEO-n and when in CCID mode the OpenSC tokend will show it as the PIV_II keychain. The NEO PIV applet doesn't even need to contain certificates, it will show the keychain for the container, just empty. So there is nothing you need to do to the
NEO out of the box besides enable CCID mode to make it show up as a keychain using the OpenSC tokend.</div>
<div><br>
</div>
<div>I know that doesn’t help resolve the issue with leveraging the PIV.tokend with the NEO PIV applet, but might help narrow down the problem space.</div>
</div>
<div><br>
</div>
<div>Ridley DiSiena</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Mar 2, 2015 at 5:31 PM, Blumenthal, Uri - 0558 - MITLL
<span dir="ltr"><<a href="javascript:_e(%7B%7D,'cvml','uri@ll.mit.edu');" target="_blank">uri@ll.mit.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px"><span><span style="font-family:Calibri,sans-serif">
<blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5">
<div>
<div>
<div><font><span style="font-size:10pt">
<div>I assume this is all on some MacOS. </div>
</span></font></div>
</div>
</div>
</blockquote>
</span>
<div style="font-family:Calibri,sans-serif"><br>
</div>
</span>
<div style="font-family:Calibri,sans-serif">I don’t know, probably not.</div>
<span>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<span style="font-family:Calibri,sans-serif">
<blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5">
<div>
<div>
<div><font><span style="font-size:10pt">
<div>Which version are you using? </div>
</span></font></div>
</div>
</div>
</blockquote>
</span>
<div style="font-family:Calibri,sans-serif"><br>
</div>
</span>
<div style="font-family:Calibri,sans-serif">I’m using Mavericks 10.9.5. Can’t move to Yosemite yet due so certain incompatibilities and code signing issues it sports.</div>
<span>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<span style="font-family:Calibri,sans-serif">
<blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5">
<div>
<div>
<div><font><span style="font-size:10pt">
<div>IIUC support for Yubikey was officially added in Yosemite. I didn’t mention it because I thought Thomas was using Yosemite, but I see it’s Maverics. Oops.</div>
</span></font></div>
</div>
</div>
</blockquote>
</span>
<div style="font-family:Calibri,sans-serif"><br>
</div>
</span>
<div style="font-family:Calibri,sans-serif">:-)</div>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<div style="font-family:Calibri,sans-serif">As I said, tools such as “piv-tool” do find the card and can talk to it. But Keychain doesn’t/cannot, nor can Apple Mail…</div>
<span>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<span style="font-family:Calibri,sans-serif">
<blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5">
<div>
<div>
<div><font><span style="font-size:10pt">
<div><span style="font-size:10pt">Prior to that you need to manually add the Yubikey to the whitelist for the smart card stuff to work. It appears the relevant plist hasn’t changed in a long time. Here’s the patch file I got for, I think, Snow Leopard.</span></div>
</span></font></div>
</div>
</div>
</blockquote>
</span>
<div style="font-family:Calibri,sans-serif"><br>
</div>
</span>
<div style="font-family:Calibri,sans-serif">It looks like my copy of that Info.plist whitelists all the Yubikey configurations:</div>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<div><font face="Courier">…..</font></div>
<div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><key>ifdVendorID</key></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><array></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>0x1050</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>0x1050</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>0x1050</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>0x1050</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>0x08E6</string></font></div>
</div>
<div><font face="Courier">……</font></div>
<div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><key>ifdProductID</key></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><array></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>0x0116</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>0x0115</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>0x0112</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>0x0111</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>0x2202</string></font></div>
</div>
<div><font face="Courier">……</font></div>
<div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><key>ifdFriendlyName</key></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><array></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>Yubico Yubikey NEO OTP+U2F+CCID</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>Yubico Yubikey NEO U2F+CCID</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>Yubico Yubikey NEO CCID</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>Yubico Yubikey NEO OTP+CCID</string></font></div>
<div><font face="Courier"><span style="white-space:pre-wrap"></span><string>Gemplus Gem e-Seal Pro</string></font></div>
</div>
<div><font face="Courier">……</font></div>
<div>
<div>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<span style="font-family:Calibri,sans-serif">
<blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5">
<div>
<div>
<div><font><span style="font-size:10pt">
<div><span style="font-size:10pt">On Feb 26, 2015, at 12:45 PM, Blumenthal, Uri - 0558 - MITLL <</span><a href="javascript:_e(%7B%7D,'cvml','uri@ll.mit.edu');" style="font-size:10pt" target="_blank">uri@ll.mit.edu</a><span style="font-size:10pt">> wrote:</span></div>
</span></font></div>
<div><font><span style="font-size:10pt">
<div><br>
> I can add that I seem to have a fully-configured Yubikey NEO card with<br>
> both OpenPGP and PIV applets loaded and provisioned - and Keychain refuses<br>
> to detect/recognize it.<br>
> <br>
> Here’s some output from OpenSC tools (I’d be happy to provide more if<br>
> needed, of course):<br>
> <br>
> $ piv-tool -vn<br>
> Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID 00 00<br>
> Connecting to card in reader Yubico Yubikey NEO OTP+U2F+CCID 00 00...<br>
> Using card driver PIV-II for multiple cards.<br>
> Card name: PIV-II card<br>
> $ pkcs15-tool --list-certificates<br>
> Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID 00 00<br>
> X.509 Certificate [Certificate for Digital Signature]<br>
> Object Flags : [0x0]<br>
> Authority : no<br>
> Path :<br>
> ID : 02<br>
> Encoded serial : 02 02 06C9<br>
> X.509 Certificate [Certificate for Key Management]<br>
> Object Flags : [0x0]<br>
> Authority : no<br>
> Path :<br>
> ID : 03<br>
> Encoded serial : 02 02 06C8<br>
> $<br>
> <br>
> <br>
> Firefox was able to see the NEO, and the certs on it.<br>
> <br>
> P.S. My setup works fine with CAC.<br>
> -- <br>
> Regards,<br>
> Uri Blumenthal Voice: <a href="tel:%28781%29%20981-1638" value="+17819811638" target="_blank">
(781) 981-1638</a><br>
> <br>
> <br>
> <br>
> On 2/26/15, 14:43 , "Henry B (Hank) Hotz, CISSP" <<a href="javascript:_e(%7B%7D,'cvml','hotz@2ndquadrant.com');" target="_blank">hotz@2ndquadrant.com</a>><br>
> wrote:<br>
> <br>
>> Hmmm. I was hoping someone else would take this one. My experiments<br>
>> didn’t go about it the “official way” like yours, and it was an older<br>
>> version of the applet to boot.<br>
>> <br>
>> Before I say “real” debugging is needed, can you try 1) reading it on a<br>
>> Debian Linux system, and 2) maybe loading the key/cert with the piv-tool<br>
>> from opensc?<br>
>> <br>
>> If you need to go farther, there are tools for dumping the USB messages,<br>
>> and it would probably be more productive if you went back to Yubico for<br>
>> support. The guy who wrote the PIV applet for them is Klas Lindfors, I<br>
>> believe. (I can give you his direct email and an introduction if needed.)<br>
>> Please keep me, or this list posted on how you get this resolved.<br>
>> <br>
>> On Feb 17, 2015, at 12:41 PM, Thomas Westfeld <<a href="javascript:_e(%7B%7D,'cvml','westfeld@mac.com');" target="_blank">westfeld@mac.com</a>> wrote:<br>
>> <br>
>>>> On Feb 1, 2015, at 1:50 PM, Thomas Westfeld <<a href="javascript:_e(%7B%7D,'cvml','westfeld@mac.com');" target="_blank">westfeld@mac.com</a>> wrote:<br>
>>>> <br>
>>>>> Hello everyone,<br>
>>>>> <br>
>>>>> I am proud owner of a new Yubikey NEO firmare 3.3.0, with CCID mode<br>
>>>>> enabled.<br>
>>>>> <br>
>>>>> I am having problems getting it to work, e.g. showing the<br>
>>>>> certificates of the yubikey in my keychain. I have installed the<br>
>>>>> latest Smartcard services for Mac OS 10.9. on my MacBookAir with PIV<br>
>>>>> tokend installed. I am currently running 10.9.5. on it.<br>
>>>>> <br>
>>>>> First of all, wenn I attach the yubikey, my console shows the<br>
>>>>> following:<br>
>>>>> <br>
>>>>> 01.02.15 22:44:08,127 UserEventAgent[11]: assertion failed: 13F34:<br>
>>>>> com.apple.telemetry + 16493 [AE0C3032-1747-317E-9871-E26B5B6B0120]:<br>
>>>>> 0xffffffffe00002ed<br>
>>>>> 01.02.15 22:44:08,803 com.apple.SecurityServer[15]: Token reader<br>
>>>>> Yubico Yubikey NEO OTP+CCID 00 00 inserted into system<br>
>>>>> 01.02.15 22:44:09,207 com.apple.SecurityServer[15]: token in reader<br>
>>>>> Yubico Yubikey NEO OTP+CCID 00 00 cannot be used (error 229)<br>
>>>>> <br>
>>>>> That does not sound too well. I then restarted the pcscd with the<br>
>>>>> —debug and —apdu flag and reattached the yubikey. this is the lengthy<br>
>>>>> output shown at the end of the post.<br>
>>>>> <br>
>>>>> Now my noob question: what can I do next? It does not seem to work or<br>
>>>>> am I missing something here?<br>
>>>> <br>
>>>> Without spending some time with 800-73, I can’t interpret the detailed<br>
>>>> dump. <br>
>>>> <br>
>>>> Let me ask you this: Have you actually gone through the<br>
>>>> initialization/provisioning steps to create a PIV container on the<br>
>>>> Yubikey? I assume it still comes blank from the factory, so there would<br>
>>>> not be any “token" in the “reader" for the software to connect with<br>
>>>> until you create one. They have some free utilities for the purpose,<br>
>>>> and there should have been a cheat-sheet in the box telling you how to<br>
>>>> do it.<br>
>>>> <br>
>>>> --<br>
>>>> Henry B. (Hank) Hotz, CISSP <a href="http://www.2ndQuadrant.com/" target="_blank">
http://www.2ndQuadrant.com/</a><br>
>>>> PostgreSQL Development, 24x7 Support, Training & Services<br>
>>>> <br>
>>> <br>
>>> Am 09.02.2015 um 03:15 schrieb Henry B (Hank) Hotz, CISSP<br>
>>> <<a href="javascript:_e(%7B%7D,'cvml','hotz@2ndquadrant.com');" target="_blank">hotz@2ndquadrant.com</a>>:<br>
>>> <br>
>>> First of all, thanks for your reply. It took me some time to have a<br>
>>> look in more detail. First I used the yubikey NEO manager to activate<br>
>>> the PIV applet on the NEO. I then took the following steps:<br>
>>> <br>
>>> 1. generate private key and selt-signed certificate using openssl:<br>
>>> # openssl req -x509 -node -newkey rsa:2048 -keyout key.pem -out<br>
>>> cert.pem -days 365<br>
>>> <br>
>>> 2. convert key and cert into p12 file<br>
>>> # openssl pkcs12 -export -out cert.p12 -inkey key.pem -in cert.pem<br>
>>> <br>
>>> 3. use homebrew to install yubikey-piv-tool and opensc<br>
>>> <br>
>>> 4. use the yubikey-piv-tool to load the private key and the cert into<br>
>>> the NEO<br>
>>> # yubico-piv-tool -s 9c -i cert.p12 -K PKCS12 -p 123 -a set-chuid -a<br>
>>> import-key -a import-cert<br>
>>> Successfully set new CHUID.<br>
>>> Successfully imported a new private key.<br>
>>> Successfully imported a new certificate.<br>
>>> <br>
>>> This at first sounds promising, however I get the very same error<br>
>>> messages and the yubikey PIV module does not appear in Keychain.<br>
>>> <br>
>>> Am I missing anything ?<br>
>>> Thanks in advance.<br>
>> <br>
>> --<br>
>> Henry B. (Hank) Hotz, CISSP <a href="http://www.2ndQuadrant.com/" target="_blank">
http://www.2ndQuadrant.com/</a><br>
>> PostgreSQL Development, 24x7 Support, Training & Services<br>
>> <br>
>> _______________________________________________<br>
>> SmartcardServices-Users mailing list<br>
>> <a href="javascript:_e(%7B%7D,'cvml','SmartcardServices-Users@lists.macosforge.org');" target="_blank">
SmartcardServices-Users@lists.macosforge.org</a><br>
>> <a href="https://lists.macosforge.org/mailman/listinfo/smartcardservices-users" target="_blank">
https://lists.macosforge.org/mailman/listinfo/smartcardservices-users</a><br>
> _______________________________________________<br>
> SmartcardServices-Users mailing list<br>
> <a href="javascript:_e(%7B%7D,'cvml','SmartcardServices-Users@lists.macosforge.org');" target="_blank">SmartcardServices-Users@lists.macosforge.org</a><br>
> <a href="https://lists.macosforge.org/mailman/listinfo/smartcardservices-users" target="_blank">
https://lists.macosforge.org/mailman/listinfo/smartcardservices-users</a><br>
<br>
--<br>
Henry B. (Hank) Hotz, CISSP <a href="http://www.2ndQuadrant.com/" target="_blank">
http://www.2ndQuadrant.com/</a><br>
PostgreSQL Development, 24x7 Support, Training & Services<br>
<br>
</div>
</span></font></div>
</div>
</div>
</blockquote>
</span></div>
</div>
</div>
<br>
_______________________________________________<br>
SmartcardServices-Users mailing list<br>
<a href="javascript:_e(%7B%7D,'cvml','SmartcardServices-Users@lists.macosforge.org');" target="_blank">SmartcardServices-Users@lists.macosforge.org</a><br>
<a href="https://lists.macosforge.org/mailman/listinfo/smartcardservices-users" target="_blank">https://lists.macosforge.org/mailman/listinfo/smartcardservices-users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>