Centrify - Securing the Cross Platform Data Center
Showing results for 
Search instead for 
Do you mean 

[Archive] The Centrify Apple Guys

OS X 10.7.3 and Smart Card Support

OS X 10.7.3 and Smart Card Support

By Centrify Advisor IV ‎02-02-2012 02:20 PM

This article has been marked obsolete due to the release of 10.7.4. You can read the update here. 

http://community.centrify.com/t5/The-Centrify-Apple-Guy/OS-X-10-7-4-and-the-Smart-Card-login-window/...

If you are using 10.7.3 and smart cards, please update to 10.7.4.

 

We've just received the 10.7.3 released version of OS X.

We did some testing with smart cards and can confirm that the login dialog now properly prompts for the smart card PIN when the card is inserted. 

 

First a little background information. When 10.7 was released, Apple had removed the drivers to support specific smart cards types, but left in the underlying smart card infrastructure. Centrify has built  replacement smart card drivers in our DirectControl product. We provide native support for CAC, CACNG and PIV smart cards.

This was available when 10.7 shipped, but a small issue existed with the login screen. It wouldn't properly recognize when a card was inserted into a reader, and the user wasn't prompted to enter their pin.  

 

Fast forward to 10.7.3 and now the small issue with the login screen has been partially resolved. 

 

However, there's a trick to it.

 

If your login window is configured to display the Username and Password prompt, then it won't work. When the card is inserted the login screen will go blank.

 Blank Login

 (No pin prompt is displayed. In fact, nothing is displayed)

 

You need to set the login window to display the "List of Users". 

 

Screen Shot 2012-02-02 at 1.49.29 PM.png

 

Now when you return to the login window and insert your card, you will see something like this : 

 

_smartcardLoginWindowII.png

 

This display problem is a bug and it's been reported to Apple.

 

However, if the card is inserted and the screen doesn't change, or blink, or switch to the pin prompt, or go blank it means you have other problems related to your smart card trust chain.  We've done a lot of work figuring out how to diagnose those types of problems.

 

Contact us at Centrify and we'll help you out.

About the Author