2 Replies Latest reply: Sep 6, 2009 1:19 PM by Exergy
InVision Level 1 (30 points)
I finally got my CAC card reader to work in MAC OS. I used the scr3310 reader and MAC OS driver.

Now I need to find a Remote Desktop Connection (RDC) that can use the CAC reader. I have tried both 1.0.3 and 2.0.1 with no success.

Has anyone successfully used a RDC in MAC OS?

Thx !!


iMac 24" (4GB, 500GB), 2008 MacBook 2.4GHz (4GB, 320GB), Mac OS X (10.5.5), iPhone 3G, Apple TVs (40GB,160GB), etc......
  • Barney-15E Level 8 (46,274 points)
    I use rdesktop with the -r scard option. That's the only one I've found. It runs in X11, so you'll have to install that also.

    I can't remember how I installed it, though. I think I used MacPorts. They have a port for version 1.6.0. DarwinPorts also has v. 1.6.0.

    It is sometimes flakey with the smartcard. I think that it may be an issue with Keychain Access as I will sometimes still see remnants of the smartcard keychain in Keychain Access after I've removed the smartcard. Once I get rid of the phantom keychain, it works again.

    Also, I should note that I don't spend a lot of time on it, so I don't know how robust it is.

    Message was edited by: Barney-15E
  • Exergy Level 1 (0 points)
    The MS RDP does not yet implement SmartCard enabling (which really ***** as the MS product seems pretty well done otherwise). I got CAC (via VPN) working using RDESKTOP via the installation procedures posted by TRON in August, 2008 under the topic heading "MS Remote Desktop and smart card reader". TRON's procedure makes the appropriate modification to the CONFIGURE file during the build and uses the OpenSource (SourceForge) implementation of RDESKTOP <rdesktop.sourceforge.net>, aka, <www.rdesktop.org>.

    Here is a recap of TRON's procedure:
    1.) Plug in your card reader
    2.) Open Terminal and run this command:

    sudo pcsctool

    3.) When prompted, enter your admin password. You should see:
    Select the approprate token driver:
    1. commonAccessCard.bundle
    2. GSCISPlugin.bundle
    3. mscMuscleCard.bundle
    4. slbCryptoflex.bundle
    Enter the number:

    4.) Type "1" (without quotes) and press enter, and you should see something like:
    Insert your token in: OmniKey CardMan 3121 00 00

    Token support updated successfully !

    5.) Keep your card reader plugged in and use rdesktop install instructions

    1. Make sure Xcode Tools is installed on your computer. It should be on your OS X install disk.
    2. Find out where your X11 libraries are located:
    -From the Finder menu, selct "Go" >> "Go to Folder..."
    -Type (without the quotes) "/usr/X11", and click "Go"
    You should see a bunch of folders. Make sure the "include" and "lib" folders are there. Otherwise you need to find out where the X11 "include" and "lib" folders are located on your computer.

    3. Download rdesktop and place the (unarchived) rdesktop-1.6.0 folder on your Desktop
    4. Open the X11 application (should be in your Utilities folder)
    5. In the X11 window type the following (without the quotes):
    "cd Desktop/rdesktop-1.6.0 && ./configure --enable-smartcard -x-includes=/usr/X11/include -x-libraries=/usr/X11/lib && make && sudo make install"
    4. Hit enter. When prompted, enter your administrator password and hit enter.

    rdesktop should now be installed in the following folder:

    So, to launch rdesktop with smartcard log in enabled, open the X11 application (or Terminal application) and type the following (without the quotes, and replace your.server.address with the server address):
    "cd /usr/local/bin && ./rdesktop -r scard your.server.address"

    Hit enter and it should launch a new X11 window that will try to access the remote server where you should be prompted for your PIN.

    To explore more options with rdesktop, open X11 and type the following (without quotes):
    "cd /usr/local/bin && ./rdesktop"
    Hit enter and you should get a list of options available to rdesktop.


    TRON's procedure works. I tried to get it working using the MACPORTS (formerly DarwinPorts) <www.macports.org> implementation of RDESKTOP. It actually uses the same OpenSource implementation, but the build procedures are completely different. The MACPORTS implementation would build properly and run. But I could not get the build to enable SmartCard. I tried modifying the PORTFILE by adding a new variant call that according to SourceForge (ticket#20664) should work:

    variant smartcard description {enables smartcard forwarding} {
    configure.args-append --enable-smartcard

    It probably does work if you can get the CONFIGURE file appropriately. The variant call in the PORTFILE apparently does not do that modification on its own. MACPORTS builds and installs the various software "ports" (including RDESKTOP) by on-the-fly pulling the information form the TAR file into a temporary workspace. So you have to (somehow) make the modification happen as the CONFIGURE file is pulled into temporary workspace. I have not yet figured it out.

    The advantage of the MACPORTS implementation is that there is a simple uninstall script built into all of the software "ports". The SourceForge version of RDESKTOP has no such uninstall capability (that I can find) built in. I would, therefore, prefer to use the much more elegant MACPORTS implementation, which leads to my two questions:

    1. Has anybody found a straightforward procedure to enable SmartCards/CAC during the build of the MACPORTS version of RDESKTOP?

    2. How do I safely and cleanly uninstall the non-MACPORTS <SourceForge.org> version of RDESKTOP?