Saturday, March 21, 2009

87. NON WINDOWS SUPPORT & COMMON PROBLEMS

The Common Access Card is based on X.509 certificates with software middleware enabling an operating system to interface with the card via a hardware card reader. Although card manufacturers such as Schlumberger provided a suite of smartcard, hardware card reader and middleware for both Linux and Windows, not all other CAC systems integrators did likewise.


In an attempt to correct this situation, Apple has done work for adding support for Common Access Cards to their operating system right out of the box using the MUSCLE (Movement for the Use of Smartcards in a Linux Environment) project. The procedure for this has been well documented by the Naval Postgraduate School in the publication "CAC on a Mac" at http://cisr.nps.edu/pub_techrep.html . Some work has also been done in the Linux realm.


Some users are using the MUSCLE project combined with Apple's Apple Public Source Licensed Common Access Card software. Another approach to solve this problem, which is now well documented, involves the use of a new project, CoolKey, to gain Common Access Card functionality. This document is available publicly from the Naval Research Laboratory's Ocean Dynamics and Prediction's publications page by the author, Kenneth Van Alstyne, http://www7320.nrlssc.navy.mil/pubs.php.


Commercial vendors such as Centrify Corporation also offer a solution that enables smart card login to Active Directory on Mac OS X supporting CAC, PIV and .NET smart cards. Common problemsThe microchip is fragile and regular wear can make the card unusable.On a technical level, the cards have certificate issues where users can't log on even though their computers are set up correctly. In addition, different CAC vendors have posed issues with different card reader systems.

No comments:

Post a Comment