
macOS Sierra 10.12.2 DOD CAC Access Issues

Centrify Advisor II
Posts: 68
Registered: ‎02-18-2015
#11 of 14 838

Re: macOS Sierra 10.12.2 DOD CAC Access Issues

Hi dciciora,

Could you send the diagnostic to my email address:

albert.chu@centrify.com

Thank you!

Regards,

Albert

Participant II
Posts: 2
Registered: ‎01-25-2017
#12 of 14 792

Re: macOS Sierra 10.12.2 DOD CAC Access Issues

I found this Apple developer forum post that seems to solve my issues:

https://forums.developer.apple.com/thread/63476

The workaround in this post disables Apple's CryptoTokenKit PIV support, which was conflicting with Centrify's tokend support when using Chrome/Safari vs. Outlook. The former preferred the CTK, the latter tokend. Both cannot be used simultaneously since they require exclusive access to the card. Disabling CTK pivtoken allows Chrome/Safari to fall back to using Centrify's tokend support.

Participant I
Posts: 1
Registered: a week ago
#13 of 14 173

Re: macOS Sierra 10.12.2 DOD CAC Access Issues

I've had all the same problems and am hoping to disable the built-in Sierra smart card support as well, but I don't understand what this link is telling me to do. I found that referenced file but am not sure how to use that to disable the support. Please help!

Centrify Advisor II
Posts: 68
Registered: ‎02-18-2015
#14 of 14 121

Re: macOS Sierra 10.12.2 DOD CAC Access Issues

Hi @Andrew60144,

According to the Apple post, you can achieve the same with the steps below:

1. Log in as a local admin.

2. Bring up Terminal (you can search for "terminal" to find it).

3. In the Terminal session, copy and paste the command below exactly (or you can type it):

    sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken

4. After that it should be disabled. You can log out and try again.

Hope this helps.


Best Regards,

Albert
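An added example, not part of the thread or of Centrify's or Apple's instructions: a small script to check whether the built-in PIV token is already listed in `DisabledTokens`, disable it, and revert. It uses `-array-add` instead of the `-array` form above so that any existing `DisabledTokens` entries are kept; the function names and the `status`/`disable`/`enable` arguments are assumptions made for this example.

```bash
#!/bin/sh
# Added example: inspect and toggle the DisabledTokens setting discussed above.
PREF=/Library/Preferences/com.apple.security.smartcard
TOKEN=com.apple.CryptoTokenKit.pivtoken

# Reads `defaults read ... DisabledTokens` output on stdin and succeeds only
# if $1 is one of the array elements (quotes, commas, parentheses stripped).
token_listed() {
    tr -d ' \t",()' | grep -Fxq "$1"
}

# Prints "disabled" if the built-in PIV token driver is in DisabledTokens,
# "enabled" otherwise (including when the key does not exist).
piv_state() {
    if defaults read "$PREF" DisabledTokens 2>/dev/null | token_listed "$TOKEN"; then
        echo disabled
    else
        echo enabled
    fi
}

# Adds the PIV token to DisabledTokens once; does nothing if already present.
disable_piv() {
    [ "$(piv_state)" = disabled ] && return 0
    sudo defaults write "$PREF" DisabledTokens -array-add "$TOKEN"
}

# Reverts by deleting the whole DisabledTokens key. This also removes any
# other entries in the array, so check `defaults read` output first.
enable_piv() {
    sudo defaults delete "$PREF" DisabledTokens
}

case "${1:-}" in
    status)  piv_state ;;
    disable) disable_piv ;;
    enable)  enable_piv ;;
esac
```

Log out and back in after changing the setting, as in step 4 above, before testing the card again.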