- Best Mac Os X Software
- Mac Card Reader Driver
- Smart Card Reader Software Free
- Smart Card Reader Software Mac Os X Lion 10 7 5 11g63 11g63 Upgrade To 10 8
- Cac Reader For Mac Software
Free download Card Reader Card Reader for Mac OS X. Card Reader allows you to use Palm-powered handhelds (Palm Centro, Palm Treo, Sony CLIE and other Palm pda's) as an ordinary USB or Bluetooth card reader for quick and easy file exchange. SCM's SCR3310 and SCR3310v2.0 are small and ergonomic USB smart card readers, with backside mounting holes. The readers are ISO 7816 compliant, and can be used for cards in ID 1 card format. Download and install the OS X Smartcard Services package The OS X Smartcard Services Package allows a Mac to read and communicate with a smart card. In order for your machine to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X. Please refer to this page for specific.
This article is intended for system administrators who set security policy in enterprise environments that require smart card authentication.
macOS includes a modern architecture that supports smart cards. This architecture is based on the CryptoTokenKit framework, which supports authentication, encryption, and signing functions, plus MDM controls for managing smart cards within Enterprise environments. Starting with macOS Catalina, legacy smart card support that uses TokenD will be disabled by default.
Before you upgrade to macOS Catalina
If you want to migrate from legacy TokenD to modern CryptoTokenKit-based smart card services after upgrading to macOS Catalina, follow these steps:
1. Make sure that any third-party apps that you use support CryptoTokenKit.
2. Verify that
com.apple.CryptoTokenKit.pivtoken
doesn't appear in the output of this Terminal command:defaults read /Library/Preferences/com.apple.security.smartcard DisabledTokens
HID® OMNIKEY® 5025 CL. Contactless (RFID 125 kHz) smart card reader, CCID driver for PC, Thin- and Zero Client HID® OMNIKEY® 5022. Enables strong authentication to computer, software, network or cloud applications, supporting 13.56 MHz credentials such as iCLASS®, iCLASS Seos OTP, DESFire®. Compatible with windows (32/64bit) XP/Vista/ 7/8/10, Mac OS X Sleek Ergonomic Design -Gloss Black Finish. PIV and EMS ready.ISO7816 Class A,B and C. Compatible with US Military and Government DOD ID cards for secure login What You Get: Saicoo CAC USB-C Smart Card Reader, CD driver, 18-month warranty and lifetime technical support. MMUSC DOD Military USB CAC Smart Card Reader, Compatible with Mac OS, Win, Black. 4.1 out of 5 stars 114. 99 $19.99 $19.99. Get it as soon as Wed, Jul 1. FREE Shipping on orders over $25 shipped by Amazon. Only 16 left in stock - order soon.
If it does, you can remove the PIV token from the DisabledTokens array by deleting the entire array:
defaults delete /Library/Preferences/com.apple.security.smartcard DisabledTokens
3. If you've installed a driver that relies on TokenD, use the developer's instructions to uninstall it.
If you have any issues using your smart card after upgrading to macOS Catalina, pair the card again. For additional instructions on configuring smart card services, see the macOS Deployment reference and the
SmartCardServices(7)
man page.This article is intended for system administrators who set security policy in enterprise environments that require smart card authentication.
Enable smart card-only login
Make sure that you carefully follow these steps to ensure that users will be able to log in to the computer.
- Pair a smart card to an admin user account or configure Attribute Matching.
- If you’ve enabled strict certificate checks, install any root certificates or intermediates that are required.
- Confirm that you can log in to an administrator account using a smart card.
- Install a smart-card configuration profile that includes '<key>enforceSmartCard</key><true/>,' as shown in the smart card-only configuration profile below.
- Confirm that you can still log in using a smart card.
For more information about smart card payload settings, see the Apple Configuration Profile Reference.
For more information about using smart card services, see the macOS Deployment Guide or open Terminal and enter
man SmartCardServices
.Disable smart card-only authentication
If you manually manage the profiles that are installed on the computer, you can remove the smart card-only profile in two ways. You can use the Profiles pane of System Preferences, or you can use the /usr/bin/profiles command-line tool. For more information, open Terminal and enter
man profiles
.If your client computers are enrolled in Mobile Device Management (MDM), you can restore password-based authentication. To do this, remove the smart card configuration profile that enables the smart card-only restriction from the client computers.
To prevent users from being locked out of their account, remove the enforceSmartCard profile before you unpair a smart card or disable attribute matching. If a user is locked out of their account, remove the configuration profile to fix the issue.
If you apply the smart card-only policy before you enable smart card-only authentication, a user can get locked out of their computer. To fix this issue, remove the smart card-only policy:
- Turn on your Mac, then immediately press and hold Command-R to start up from macOS Recovery. Release the keys when you see the Apple logo, a spinning globe, or a prompt for a firmware password.
- Select Disk Utility from the Utilities window, then click Continue.
- From the Disk Utility sidebar, select the volume that you're using, then choose File > Mount from the menu bar. (If the volume is already mounted, this option is dimmed.) Then enter your administrator password when prompted.
- Quit Disk Utility.
- Choose Terminal from the Utilities menu in the menu bar.
- Delete the Configuration Profile Repository. To do this, open Terminal and enter the following commands.
In these commands, replace <volumename> with the name of the macOS volume where the profile settings were installed.rm /Volumes/<volumename>/var/db/ConfigurationProfiles/MDM_ComputerPrefs.plist
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/.profilesAreInstalled
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Settings/.profilesAreInstalled
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Store/ConfigProfiles.binary
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Setup/.profileSetupDone
- When done, choose Apple () menu > Restart.
- Reinstall all the configuration profiles that existed before you enabled smart card-only authentication.
Configure Secure Shell Daemon (SSHD) to support smart card-only authentication
Users can use their smart card to authenticate over SSH to the local computer or to remote computers that are correctly configured. Follow these steps to configure SSHD on a computer so that it supports smart card authentication.
Update the /etc/ssh/sshd_config file:
- Use the following command to back up the sshd_config file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup_`date '+%Y-%m-%d_%H:%M'`
- In the sshd_config file, change '#ChallengeResponseAuthentication yes' to 'ChallengeResponseAuthentication no' and change '#PasswordAuthentication yes' to '#PasswordAuthentication no.'
Then, use the following commands to restart SSHD:
sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd
If a user wants to authenticate SSH sessions using a smart card, have them follow these steps:
- Use the following command to export the public key from their smart card:
ssh-keygen -D /usr/lib/ssh-keychain.dylib
- Add the public key from the previous step to the ~/.ssh/authorized_keys file on the target computer.
- Use the following command to back up the ssh_config file:
sudo cp /etc/ssh/ssh_config /etc/ssh/ssh_config_backup_`date '+%Y-%m-%d_%H:%M'`
- In the/etc/ssh/ssh_config file, add the line 'PKCS11Provider=/usr/lib/ssh-keychain.dylib.'
![Mac Mac](/uploads/1/2/6/9/126969362/305846801.png)
If the user wants to, they can also use the following command to add the private key to their ssh-agent:
ssh-add -s /usr/lib/ssh-keychain.dylib
Enable smart card-only for the SUDO command
Use the following command to back up the /etc/pam.d/sudo file:
sudo cp /etc/pam.d/sudo /etc/pam.d/sudo_backup_`date '+%Y-%m-%d_%H:%M'`
Best Mac Os X Software
Then, replace all of the contents of the /etc/pam.d/sudo file with the following text:
Enable smart card-only for the LOGIN command
Use the following command to back up the /etc/pam.d/login file:
Mac Card Reader Driver
sudo cp /etc/pam.d/login /etc/pam.d/login_backup_`date '+%Y-%m-%d_%H:%M'`
Then, replace all of the contents of the/etc/pam.d/login file with the following text:
Enable smart card-only for the SU command
Smart Card Reader Software Free
![Smart Card Reader Software Mac Os X Smart Card Reader Software Mac Os X](/uploads/1/2/6/9/126969362/653515949.png)
Smart Card Reader Software Mac Os X Lion 10 7 5 11g63 11g63 Upgrade To 10 8
Use the following command to back up the /etc/pam.d/su file:
Cac Reader For Mac Software
sudo cp /etc/pam.d/su /etc/pam.d/su_backup_`date '+%Y-%m-%d_%H:%M'`
Then, replace all of the contents of the/etc/pam.d/su file with the following text:
Sample smart card-only configuration profile
Here’s a sample smart card-only configuration profile. You can use it to see the kinds of keys and strings that this type of profile includes.