DOD CAC Reader

Did you run cac_setup from the command line? I think you have to sudo it and give your admin password.

If that doesn't work, contact the Apple Federal Security Team for questions about your card reader. The info is here:

http://www.apple.com/itpro/federal/

Eric,

I just got my CAC reader working the other day. I am running ActivCard Gold 1.2, a USB cac reader, and Netscape 7.2. (I still can't get it to work with firefox.. something to do with the pkcs11.shlb file and loading that into firefox. So far, the support people are at a loss of what to try next). Installing the security update from a few days ago solved some of my problems. I still have to have the reader unplugged until after I log into my user profile. Don't forget to install the root certificates as well. Now I can finally log into outlook web access! If you have any questions, let me know, and I will try to help.

Thought this might help others even though you got yours working with third party software.
I just got my smart card reader (SCR3310) working with my DOD CAC and MacBook Pro w/ os 10.4.6 by using info obtained from another site ( http://www.opensc-project.org/sca/). "A good test is to launch pcsctest in a Terminal with your card reader connected and a smart card inserted." After inserting card and typing the command pcsctest in terminal window, was prompted for reader number (which was 01 in my case). Example screen dump that you will see:
MUSCLE PC/SC Lite Test Program

Testing SCardEstablishContext : Command successful.
Testing SCardGetStatusChange
Please insert a working reader : Command successful.
Testing SCardListReaders : Command successful.
Reader 01: CCID Smart Card Reader 0 0
Enter the reader number : 01

Waiting for card insertion
: Command successful.
Testing SCardConnect : Command successful.
Testing SCardStatus : Command successful.
Current Reader Name : CCID Smart Card Reader 0 0
Current Reader State : 34
Current Reader Protocol : 0
Current Reader ATR Size : 9
Current Reader ATR Value : 3B 65 00 00 9C 02 02 07 02
Testing SCardDisconnect : Command successful.
Testing SCardReleaseContext : Command successful.

PC/SC Test Completed Successfully !

Where do you get the ActivCard drivers from?

hey there...hopefully someone can help me....my reserve unit gave me a DOD CAC reader....however, when i try to load the DOD Root PKI certs it won't take them. i'm not sure they've given me the right file.... does anyone know if i can find them online? if so where? i've been to infosec and it only gives me a .exe option. is there a converter i can use? i can load the software, get it to recognize my reader, and my card, but no luck on the certificates being loaded in firefox. any help would be great.

I need some help in getting the my systems to use a CAC.
I have searched all over the internet and have found no good documentation on this. I have also downloaded a document from Apple Systems Engineer, geddis and find them confusing.
Is there anyone out there that has set this up and are willing to share the information with the rest of us who are struggling?
It would be great if there was some sort of step-by-step documentation out there.
I also called apple and they tell me they cannot give this kind of support on that it falls back on the card reader vender.

A good place for this type of information is Apple's Fed-Talk list. There have been a lot of good discussions recently along this line and a few attempts at how-to lists have been listed.

See http://lists.apple.com/ on how to sign-up.

-- Bill

I am a service member and found out that DoD should be supporting the Mac Thunderbird client at this time using CAC / Smart Card Readers. If you have access to AKO (if you do you already know what that is) search for the CAC FAQ. They also have a .pdf help file for download as well. (Can't link inside a secure site, sorry.) A detailed search online may help you as well. Contact your IT at your agency, they should be able to help you - even if they don't use Macs. (not everyone is perfect mind you.)

Another post. Here is a reader that professes to be Mac OS 10 compatible (including drivers): http://www.athena-scs.com/product.asp?pid=1

Yes, I have had very good success. OS X supports the CAC natively and nothing need be done except have a compatible card reader.

I have an ActivCard reader left over from before the NMCI turnover. I had to flash it to be an SCR33x reader.

The instructions are in a PDF located at:
http://cisr.nps.navy.mil/downloads/npscs_06009.pdf

Also I would be happy to send you the instructions if you like.
Good Luck!

Here is the rest of the story to give you a complete set of instructions!

http://web.mac.com/robertcoogan/iWeb/Marine%20Corps%20Icons/Blog/14C17948-AA49-4 B23-B692-419BDCFCE69A.html

As a Navy contractor, I recently received my first ever CAC card. I am trying to figure out whether it makes sense for me to do whatever I need to do to gain access to NMCI per the card using my personal PBG4 with 10.4.7 or am I about to expose myself from a security perspective (items on my personal computer)? What do you think? Do you recommend going forward? If so, what reader should I buy? Will I need anything more than the reader? I welcome any and all advise regarding my quandry as well as how to make it work. Please advise. Best regards - Dock

Slowsleep,

pctest shows that the my MB is reading the card, but I can't seem to bind the card with the directory using the sc_auth hash. Nothing comes out on the screen (Hash Number for Private key). When i login to the webmail.nmci.usmc.mil, what comes out is a screen asking me for the keychain password instead of the PIN number as in a PC.

Can anyone on this board tell me how to Bind my card to the directory services using the sc_auth hash?

First, it sounds like "sc_auth hash" is not producing any output?

I would reboot to make sure your securityd hasn't lost track of your smart card.
I would check to make sure you have a process named "CAC" running - this is the software that talks to the card.

If you don't have a process named CAC, your card reader firmware may be out of date. You should update the firmware (using a PC works best). A lot of old SCR331 readers need a firmware update.

You did not mention what kind of directory service you are using. Are you just binding the card to a local account? Active Directory? Open Directory?