My mac is stuck on OS X Yosemite 10.10.5 and won’t update past that, no updates on app store no nothing, I recently bought an iPhone x and iTunes won’t let me sync my old iphone back up because it needs an update which i cannot get, its frustrating me, I don’t know what to do anymore, I’ve looked everywhere on the Multiple CAC Enablers can cause your CAC Card reader not to work. I have a mac book pro with a osx 10.9.2 version.can anyone help me install the appropriate installations.Hp laserjet 1020 driver for mac yosemite. If a dialog box appears telling you to quit Reader, close Reader, and then click OK.Using PIV smart cards for HHS VPN login with Mac OS X 10.10 YosemiteIdentiv SCR3500 Smartfold Smart Card Reader. The Downloads page appears with a progress bar. Select your operating system, a language, and the version of Reader that you want to install. For step-by-step instructions, see Install Adobe Acrobat Reader DC on Mac OS.On the other hand, you may be a Windows user who is considering switching to a Mac. Hope it helps!Rocketek CAC Smart Card Reader - DOD Military USB Common Access CAC Card Reader - Credit Card Reader/CAC Chip Card Reader Compatible with Windows XP/Vista/7/8/10, Mac OS X/ID/IC Bank Card Reader DOD Military CAC USB Smart Card Reader for CAC Cards, Government ID, National ID, ActivClient, AKO, OWA, DKO, JKO, NKO, BOL, GKO, Marinenet, AF Portal, Pure Edge Perhaps you just bought a Macintosh computer that includes OS X Yosemite.Or maybe youve recently upgraded to Yosemite from a previous version of OS X (pronounced O-S ten). This includes built-in Smart Card Readers for the newer OS’s.Note: This entire post is basically google search bait designed to (hopefully) allow others struggling with the same issues to save a bit of time.Short SummaryI need to use a HHS PIV card to remotely access computer systems from a brand new Macbook air running OS X 10.10 Yosemite. Still – consider the Centrify software if you don’t want to spend $29. Still no idea why this is happening – on other versions of OS X my smart card credentials transparently passed onto the OS. Long story short: It works to get past the VPN gateway but throws the same “no valid certificates found” error when trying to login to the Windows desktop via a Citrix Receiver client. I just had a chance to test the new Yosemite 10.10 compatible free SmartCard utility from Centrfy mentioned here. If this is bothering or interesting you, you may want to monitor this URL: The bulk of this post concerns the $29 Pkard product from Thursby which is the first I found with explicit OS X 10.10 support.
Cac Reader Yosemite Mac OS XBackgroundI do some subcontracting work for a few US Government agencies, one of which requires me to be able to connect remotely to US.GOV networks and infrastructure. This was not something I needed to do on OS X 10.7 or 10.7 with the open source smart card software stack. It did, however work fast and got me successfully logged onto the remote VPN server.Current status: Thursby PKard software works well on Yosemite for VPN access but the Windows desktop I get sent to via a Citrix client reports “no valid certificates” and I’m forced to use my standard user login name and password to complete the final authentication. This will change but if you are in a hurry (as I was) the best thing you can do in the short term is pay $29.95 for the Thursby PKard software from — it installed seamlessly and allowed me to login via VPN although for some reason my certificates were not passed on to the Windows remote desktop system, hopefully I don’t need the $179 “ADmitMac” product for that.I expect the state of open source smart card and tokend implementations to get better and more easily usable on Yosemite so I may only be using the Thursday product for a short time. Java for mac freeBelkin flexible USB adapter – Amazon Link: SCM SCR3500 Smart Card Reader – Amazon Link: A perfect example of this is and – the site that I turned to first when looking for OS X Yosemite PIV/smartcard status info. It’s a very slick and interesting system.From what I can tell, PIV cards are very similar to the CAC cards carried by military members that are often required for secure web browsing and access to military resources In fact, when searching the internet for PIV assistance you will find that some of the best help resources are coming from the military CAC-user community. Two-factor authentication is achieved by having to punch in a PIN code when my certs are presented to the remote system. When I’m trying to physically enter a building the PIV card is my secure photo ID badge (with backup biometrics and fingerprints stored o it) — when I try to enter a US Government network “virtually” the same PIV card doubles as VPN access device because it contains a personal set of crypto keys that uniquely identify me. I was willing to pay $29.99 for the functionality I needed and the software and documentation is great but I’m not going to shell out $179 for SSO access to a Windows Desktop.I’m going to keep researching this and will keep an eye on the state of open source / free smart card services for Yosemite 10.10. I’m not sure if it’s a Citrix Receiver issue or perhaps this is a designed-in behavior of the Thursday software designed to upsell software that offers more functionality. Not optimal but it works for my purposes.Longer term I want this issue to go away. After getting past the VPN, the remote desktop session can’t see my PIV certificate and I have to fallback to using standard AD username and password. More readers nowadays are likelier to work, rather than not.– tokend, available from Open Source (I recommend ) or commercial vendors (Thursby PKard has very good reputation among the users) – lower-level PKCS#11 components (may not be necessary) – I recommend or. Starting with 10.12 the situation is likely to be completely different, and you indeed might not need any extra software.This assumes you have a working smartcard reader, such as SCM 3110, or Gemalto Dual Prox. Note that we are talking Mac OS X 10.9.x – 10.11.x. Unfortunately, without extra software it would not be possible, as Apple does not ship middleware necessary to interface between the smartcard and the OS and applications such as Keychain Access. “sc_auth hash” – locate and copy “PIV Auth” certificate hash4. If not – troubleshoot until you do.3. You should see your smartcard as another keychain. Insert your smartcard, and open Keychain Access. Using CLI, add root CA (and it appears that Intermediate CAs too if they are involved) to System.keychain, like “sudo security add-trusted-cert -d -k ‘/System/Keychains/System.keychain’ path_to_your_CA_cert”2. “sudo security authorizationdb smartcard status” should show that smartcard is enabled for authentication.You’re done – now you can login with your CAC/PIV card in addition to name/password.You may be able to configure the machine to enable *only* smartcard login, but I don’t know how (or if it is indeed possible). “sudo security authorizationdb smartcard enable”7. “sc_auth list -u your_user_name” should show that same hash.6.
0 Comments
Leave a Reply. |
AuthorSomphet ArchivesCategories |