Smart Card login for ordinary folk

Hi,
I used to use the OpenSC project for Smart Card login, but I believe that with changes in OS X 10.8 it's no longer an option.
What affordable solutions are there for genuine Smart Card login for OS X 10.8?  YubiKey doesn't support anything more than entering a static password pre-stored on the device, and when I last tried Rohos it was abysmal.

I'm guessing that since you are not entering a password, the sparse bundle is not being unlocked. I don't know of a way to tie it to the smart card login. It sounds similar to when you put a different password on your default keychain. It won't unlock on login because you are not entering its password.

Similar Messages

  • Smart card login and sparsebundle password

    Hi,
    I am using a PIV profiled card to login to my mac. I am using Snow Leopard 10.6.2 and have successfully used the card to login to the machine and do signed and encrypted emails. Every login I get prompted after smart card login for the password for my sparsebundle (I had been using filevault prior to introducing the card) and even though I tick the "save password" option I still am prompted on each login. Does anyone know if there is any way to associate my smartcard login with an existing sparsebundle? Also, is there any way to force the machine to use a smart card login only (i.e. remove the password option)?
    Many thanks
    Michael

    I'm guessing that since you are not entering a password, the sparse bundle is not being unlocked. I don't know of a way to tie it to the smart card login. It sounds similar to when you put a different password on your default keychain. It won't unlock on login because you are not entering its password.

  • TACACS+ and Smart Card login

    We are currently using Cisco ACS 5.3 integrated with Active Directory for authentication to our Cisco devices. We are looking to move to smart card logins and trying to find out if this is possible to authenticate to the console/ssh on the router/switch using a smart card.

    Direct smart card authentication is not supported for vty / console sessions on IOS. However, via TACACS to a AAA server (e.g. Cisco ACS) you can turn it to use a two-factor-based external authentication store. Even if the smart card gets the PKI cert of some kind to the client PC and then to the terminal emulator like Putty or SecureCRT, AAA with TACACS+ would not be possible as TACACS is not capable of encapsulating any kind of PKI.
    Jatin Katyal
    - Do rate helpful posts -

  • How to configure smart card login in sunray 2fs??

    Hi all,
    Please help me to configure smart card login using Sun Ray Server Software 4.0... How to assign a smart card for a particular user? Do I need to flash the smart card for user information or any other method exists?

    I'm not sure what you know or don't know about this so I'll give you what I know:
    1. Create a token reader and a token
    * Plugin a Sun Ray DTU/client
    * Check the MAC address of the Sun Ray you just plugged in
    * Access the Sun Ray admin GUI
    * Choose the 'Desktop Units' tab
    * See if your Sun Ray DTU is listed (if it isn't listed you have Sun Ray Server configuration issues...)
    * If it is listed click the identifier
    * Check the status of the DTU to see if this particular unit is already a token reader (normally it is not, i.e. by default a Sun Ray DTU is not)
    * Click 'Edit'
    * Check 'Token Reader'
    * Click 'OK'
    * /opt/SUNWut/sbin/utrestart (I'm not sure if a warm restart is OK or a hard restart is necessary)
    Now insert a shiny new Java card into your token reader's slot
    * In the Sun Ray admin GUI choose the 'Tokens' tab
    * Search for currently used tokens
    * You should see a token identifier such as 'Payflex.blah' under your desktop unit (i.e. the token reader)
    * Click the token identifier and click 'Edit'
    * Assign a username (i.e. Unix username) to the token under 'Owner'
    * Click 'OK' and remove the smart card from the token reader
    2. Assign the Token
    * Insert your smart card from step 1 into the token reader
    * In the Sun Ray GUI click 'Tokens' and 'New'
    * Under 'Identifier' you should see 'Read Identifier from Token Reader' checked
    * Click 'Read Token'
    * Assign an owner (i.e. Unix user account) and a session type (Kiosk or Regular)
    * Click 'OK'
    Item 2 from the notes I used for this looks a lot like item 1 so I can't say that it is strictly necessary.
    I don't have a Sun Ray Server accessible to me at the moment to confirm but this procedure should help I hope.

  • Smart card login

    Hi Guys,
    I have just enabled smart card login to my mac but want to disable the password login option (i.e. I can login with smart card but if I don't plugin the card reader/card, I am prompted for password login). How can I enforce smart card only login?
    Many Thanks
    Michael

    Are you getting all user icons, plus the smartcard icon, or just the smartcard icon and "Other..." ?
    If the latter, then disable root user (which displays the "Other..." prompt on the login window, even if smartcards login is enabled).

  • Disabling normal login and only using smart card login?

    I've managed to set up login using BELPIC (Belgian Identity Card, a smart card). However I can still login using username/password. Is it possible to restrict the system to only using smart card login? (maybe via tweaking the authorize file?)
    Thanks

    The problem isn't with the provider part of the code - it has to do with security privileges. Java code running from the command line has full access to the file-system. Servlets running inside a container do not.
    In order to access cryptographic keystores, the JVM must allow the servlet code to access local files (and through them, the device drivers to the crypto token). Servlet code running inside a web/application server container, by design, are restricted in their ability to access local files on the servlet container machine (other than configuration files and application code under the servlet context root).
    In order to continue with my project, I had to temporarily provide the servlet full access to the machine's file-system in the java.policy file for your JVM, along the lines of the following:
    grant {
        permission java.security.SecurityPermission "authProvider.SunPKCS11-NSS", "getSignerPrivateKey";
    };
    I hope to go back and restrict this access so that only the specific security grants are available to the servlet to access the private key (the above is too lenient).
    You will need to do something similar to your JVM's java.policy to allow the servlet to access the private key. Substitute the "authProvider.SunPKCS11-NSS" with the driver for your own token.
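
The restriction the post above says it still wants, as an added java.policy sketch that is not the poster's configuration: a `grant` with no `codeBase` applies to all code in the JVM, while a `codeBase` clause limits the same permission to one application. The codeBase URL and the configuration file path are hypothetical placeholders; the provider name is the one from the post.

```java
// BEFORE: no codeBase, so the grant applies to every class the JVM loads
grant {
    permission java.security.SecurityPermission "authProvider.SunPKCS11-NSS";
};

// AFTER: the same permission, limited to one web application's code
// (the codeBase URL is a hypothetical placeholder; "/-" matches recursively)
grant codeBase "file:/path/to/container/webapps/signing-app/-" {
    permission java.security.SecurityPermission "authProvider.SunPKCS11-NSS";
    // read-only access to the provider's configuration file (hypothetical path)
    permission java.io.FilePermission "/path/to/pkcs11-nss.cfg", "read";
};
```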

  • Cisco ISE Guest portal - smart card login

    Does anyone know if Cisco ISE supports smart card login to the guest portal page?

    No it doesn't, you can test the same , while editing the wireless SSID profile, opting authentication method as smart card other than PEAP/EAP.

  • Smart card authentication for IOS device

    I am just wondering if anyone was able to successfully implement smart card authentication for vty and console session.  if anyone did, can you please point me to the documentation and the implementation guide?  thanks

    Actually, with the RSA key pair setup in IOS 15+, you can use a smart card to authenticate to Cisco switches.  I'm still working out all the details but you would need SecureCRT or Putty-CAC.  SecureCRT allows you to export the public key from a PKI cert and then import that into the switch/router.  The disadvantage is you can only use the first cert in the list.  Putty-CAC allows you to select which PKI cert you want to use but I haven't verified you can export the public key from a cert.  If you contact me, I'll email you the info needed to use SecureCRT.

  • Smart card required for interactive logon

    Hi ,
    What is the meaning of these in AD? These options are available in user properties in the Account tab.
    1-Smart card required for interactive logon
    2-Account is trusted for delegation
    3-Account is sensitive, can't be delegated
    4-Use Kerberos DES
    5-Don't require Kerberos
    Regards
    Anil

    Hello,
    You will have to logon to domain using a Smart Card. Interactive logon: Require smart card
    Allows a service running under this account to perform operations on behalf of other user accounts on the network. A service running under a user account (otherwise known as a service account) that is trusted for delegation can impersonate a client to gain access to resources on the computer where the service is running or to resources on other computers.
    You can use this option if the account, for example a Guest or temporary account, cannot be assigned for delegation by another account.
    Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption.
    Provides support for alternative implementations of the Kerberos protocol.
    For a full explanation refer to below links:
    Understanding User Accounts
    Delegating authentication
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir

  • Smart Card login screen authentication

    Apple don't seem to have updated their documentation on this subject since way back in the Mac OS X Tiger days!
    I would like to have a setup where a user can walk up to a Mac (which is at the login screen), wave an RFID card over a reader connected to that Mac and be able to then login to that Mac. If it is necessary for a PIN/Password to also be entered that might be acceptable. Similarly if the screensaver activates during their login session, waving their RFID card again over the reader should unlock the screensaver.
    An alternative scenario would be a Mac with a guest login account enabled, and then wanting to use the same card reader to authenticate when requested to a proxy server in order to gain network access.
    The cards to make it clear would be RFID based, not magstripe or chip-and-pin. There are suitable USB readers like this one
    http://www.ers-online.co.uk/o5651/cardman5021-cl-omnikey-omnikey-5021-cl-contactless-smart-card-reader

    Hi Robert Gauthney,
    Could you offer more information about your issue? I found a similar scenario to your issue; if it matches your environment, please refer to the following KB to fix it. If it does not match your scenario, please offer us more information such as the error screenshot or related Windows event information:
    Smart card authentication does not work when you use VDI and RD Gateway for RDC client in Windows 7 or in Windows Server 2008 R2
    http://support.microsoft.com/kb/2548538/EN-US
    I’m glad to be of help to you!

  • Issues regarding Smart Card login inside domain and on SmartPhones

    Hi
    I am planning to implement login ONLY with smartcard at my domain.
    I saw I have some options for how to do it: one with GPO that covers all the computers (or some computers with defined groups),
    or I can check the "smart card is required ...." box. This could be the easy way, but when I check this box
    the users with smartphones can no longer authenticate with it to get emails, and OWA is also not available for them.
    Is there any solution so the users will have to login with smartcard and still get the emails to the smartphones?
    thanks
    TK


  • Smart card development for desktop applications

    I'm totally new to smart cards and would like to learn some about it. I'd like to build programs which have simple interaction with a smart card for storing information there and light processing.
    I thought about buying Gemplus 430USB reader.
    Could someone suggest a java card for me?
    P.S.
    How hard (if at all) is it to build the most simple application and install it on a smart card?

    > I'm totally new to smart cards and would like to learn some about it. I'd like to build programs which have simple interaction with a smart card for storing information there and light processing.
    > I thought about buying Gemplus 430USB reader.
    I don't know this reader, just make sure it's PC/SC compliant. You shouldn't have to spend more than $20 on a reader that you can develop with. The American Express Blue or Visa readers would do fine (I use the Amex Blue) and they are free if you get the credit card (at least in the United States).
    > Could someone suggest a java card for me?
    I use IBM's JCOP10. It's IBM's low cost JavaCard.
    You can probably purchase one from my company
    www.orga.com
    > P.S.
    > How hard (if at all) is it to build the most simple application and install it on a smart card?
    Depends on your programming ability.

  • Smart Card reader for T410

    Hi everybody, I'm new in this topic...
    I want install a Smart Card reader on my Thinkpad T410 2537-WBB but I don't say what I need. There are two component, the 60Y5029 and the 60Y5030...what is the right one? And I must also buy a cable 45M2894? Thanks and sorry for my english

    h2bazza wrote:
    Thanks wditters!! What is the difference between 60Y5029 and 60Y5030? Can you suggest me a store?
    The difference is possibly a brand thing, for instance Gemplus and or another brand. Not a clue and not really important. Any Lenovo dealer should be able to order the parts directly from IBM. End users cannot.
    Lenovo Premium Business Partner
    X1 Carbon Touch | i7-3667U | 8Gb | 256Gb | HD 4000 | 14HD+ | WWAN | W8.1 Pro RTM x64 |

  • FileVault plus Smart Card Login

    I was wondering if there is any way to use FileVault when using a smart card to log into an account on Mac OS X?


  • Smart card reader for T510

    Hello everybody,
    I have a T510 4313-CTO with a contact smart card reader.
    I just wanted to know if the contactless smart card reader 60Y5031 is both contactless and contact reader or contactless only.
    If it's contactless only, is there an option to have both in the machine ?
    It's kind of difficult to find infos about it.
    Thanks,
    Vince.
    Knowledge is of two kinds. We know a subject ourselves, or we know where we can find information on it.
    ThinkPad T510 4313-CTO Windows 8 x64 - Intel Core i7-620M - NVIDIA NVS 3100M - 8GB RAM - 240GB SSD- Intel Centrino Ultimate-N 6300 - Gobi 2000.
    ThinkPad Helix 3697-CTO Windows 8.1 x64 - Intel Core i7-3667U - Intel HD Graphics 4000 - 8GB RAM- 256GB SSD - Intel Centrino Advanced-N 6205 - Ericsson C5621gw

    Vince69 wrote:
    Hello everybody,
    I have a T510 4313-CTO with a contact smart card reader.
    I just wanted to know if the contactless smart card reader 60Y5031 is both contactless and contact reader or contactless only.
    If it's contactless only, is there an option to have both in the machine ?
    It's kind of difficult to find infos about it.
    Thanks,
    Vince.
    You can slide a card into it, I have yet to get it to recognize a contactless card without sliding it in.
