Menu
▾
▴
Re: [Opensc-devel] OpenSC 0.17 breaks PIV card auth on Safari/Citrix Receiver On macOS 10.12+
|
From: Frank M. <fra...@gm...> - 2017-10-11 13:21:57
|
*Apple's CryptoTokenKit breaks non-Apple software! *Only use OpenSC and disable the PIVToken: *sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken* Regards, Frank. 2017-10-11 15:07 GMT+02:00 Douglas E Engert <dee...@gm...>: > > It sounds like one or both of the MacOS smart card code or OpenSC are > accessing the card in exclusive mode. Both have support for PIV cards > and use pcsc to access the reader. > > I do not use MacOS, but there are others on this mailing list that do > and use PIV cards. I am surprised no else has responded. > > https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC > > See the OpenSC opensc.conf file debug= and debug_file= parameters to turn > on debugging. > > Also look at the connect_exclusive, disconnect_action, > transaction_end_action > and reconnect_action. The default of disconnect_action=reset may be a > problem. > I would set it to disconnect_action=leave; But the MaocOS code may also be > causing problems. > > https://github.com/OpenSC/OpenSC/wiki/macOS-Quick-Start > might help. Search the wiki > > Google for: opensc Mac OS office safari Citrix > > Google for: pcsc Mac OS debugging > > > On 10/10/2017 2:51 PM, Matthew X. Economou wrote: > >> Dear all, >> >> I use OpenSC on my Macs to use PIV cards with Office (e.g., signing >> email). However, this breaks logins to Citrix Receiver via Safari, and >> I don't know how to troubleshoot it. Uninstalling OpenSC restores the >> original behavior, i.e., PIV card logins work with Safari/Citrix >> Reciever but not Office. Is there a knob that turns on debug logging >> inside of OpenSC or one of its components? Can I attach a debugger >> somehow? How would I go about figuring this out? >> >> Best wishes, >> Matthew >> >> > -- > > Douglas E. Engert <DEE...@gm...> > > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > |
