[Tokend-Dev] PKCS11 Tokend Mavericks: logs

Shawn Geddis geddis at me.com
Mon Mar 17 10:01:46 PDT 2014


Eugene,

Internal verification that it looks like there was regression on the VPN side of things.  Not a problem with any of the Smart Card Services components or your Tokend / PKC11 components.  

I’ll create a ticket in our system to reflect the status of the RADAR in Apple’s system.

-Shawn

On Mar 14, 2014, at 5:14 AM, Мироненко Евгений <mironenko at rutoken.ru> wrote:

> Shawn,
> 
> Finally I've captured logs from PKCS11. tokend: see the file attached. 
> I'd like to note, that there is no log activity during the selection of certificate in VPN client. 
> Activity logged corresponds to viewing the certificates in the keychain and signing e-mail.
> 
> <Gemalto.TokenD.log>
> Best regards,
> Eugene Mironenko
> 
> 12.03.2014, в 19:39, Shawn Geddis <geddis at me.com> написал(а):
> 
>> On Mar 12, 2014, at 5:29 AM, Мироненко Евгений <mironenko at rutoken.ru> wrote:
>> - Shawn_____________________________________________________________________
>> 
>>> Hello!
>>> 
>>> I'm using Gemalto Tokend to access the certificates on the token. On Mac OS X 10.8 the certificates on the token are accessible via Keychain Access, Mail utilities and built-in VPN client, but after updating to 10.9 I've got an issue that certificates on the token are not listed in built-in VPN client (when selecting authentication parameters) though they are visible in Keychain Access utility. 
>>> 
>>> Is it a problem with Tokend used or Apple has just cut out tokend support from VPN client? Is there any workaround for the issue?
>>> 
>>> Best regards,
>>> Eugene Mironenko
>> 
>> Eugene, 
>> 
>> Nothing has changed architecturally from the Apple side on Tokend or on the ability of any Apple services (ie. VPN) to utilize the Keychain APIs which is how they get access to Smart Cards supported with a Tokend.  Have you updated the Tokend for 10.9 using the updated installers posted ?  There was a security CVE addressed and implemented in the new updates as well.
>> 
>> Please capture logs before and during the transactions and submit with a ticket, so we can look into it.  We may uncover something from there.
>> 
>> -Shawn
>> _____________________________________________________________________
>> Shawn Geddis				  			        geddis@{Mac | Me | iCloud}.com
>> Enterprise Security Consulting Engineer, Apple     geddis at apple.com
>> 
>> Smart Card Services  Project/Dev Lead:                                                                                 
>> 				Project Wiki:		          [SmartCardServices.MacOSFforge.Org]
>> 				Mailing Lists:		         [Lists.MacOSForge.Org/mailman/listinfo]
>> 				SCS Contact:				           [scs-cotact at macosforge.org]
>> 				SCS Admin:				           [scs-admin at macosforge.org]
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/tokend-dev/attachments/20140317/1c002e89/attachment.html>


More information about the Tokend-Dev mailing list