[Tokend-Dev] Building Tokend on Leopard?

Henry B. Hotz hotz at jpl.nasa.gov
Mon Mar 16 18:02:43 PDT 2009

On Mar 16, 2009, at 5:29 PM, Shawn A. Geddis wrote:

> On Mar 16, 2009, at 8:23 PM, Henry B. Hotz wrote:
>> That sounds like standard policy, which is fine.
>> Am I wrong to believe that the posted source for this project is  
>> newer and more Snow-Leopard-like than the 9G55 version of Tokend?   
>> If it is, then I'm still interested.
> The Source for ALL of the sub-components of this project  
> "SmartCardServices" are all exact copies of the source which was  
> compiled and shipped in Mac OS X 10.5.6.  We will make note of this  
> on the wiki pages as we move forward with this project.

So this project's Tokend is identical to Tokend-35209?

> The issue you seem to be trying to resolve is related to the  
> 1024/2048 key size issue with the shipped PIV tokend.  I am getting  
> that source and binary out here as soon as I can and will post a  
> note then as well.

Well, I'm told that's the problem.  I can't say I know that's the  
issue independently.  I just know that the 10.5.6 Tokend can't  
identify the user for loginwindow.  OpenSC Tokend and ActiveIdentity  
Tokend can do that, but they can't unlock the card with a PIN.

If I got past this hump, I'd ask about Apple's support for MIT  
Kerberos' pre-auth plugin interface and PKINIT, but that would be  
severely off-topic.  ;-)

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu

More information about the Tokend-Dev mailing list