[aklug] Re: Common Access Cards - Technical Aspects

From: Robert Sprowl <rgsprowl@mindspring.com>
Date: Sun Jun 27 2010 - 22:59:49 AKDT

Most people only have a DOD CAC if they work for the DOD.

.GOV agencies are moving to the PIV card
(http://www4.va.gov/pivproject/piv_card.asp).

However, the idea behind smartcard technology is 2-factor security that is
relatively cheap to implement and provides Confidentiality and Integrity
aspects via PKI encryption and digital signatures.

And theoretically anyone could build a PKI server infrastructure.

The biggest win is that password reset issues are a thing of the past.

- Robert

-----Original Message-----
From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf Of
Jim MacDonald
Sent: Sunday, June 27, 2010 10:11 PM
To: Robert Sprowl
Cc: 'Christopher Howard'; 'Alaska Linux Users Group'
Subject: [aklug] Re: Common Access Cards - Technical Aspects

I have seen several solutions to utilize CAC middleware to do remote
authentication on MAC systems to CAC authenticated network. However,
most of those solutions require you to modify your OS to use CAC
authentication and then access the network. For what I think are obvious
reasons this is not an ideal solution (I don't want to use a .mil issued
card to access my personal computer). The one solution I have seen (and
the one I regularly use) is a Linux Live CD that I use as a VM in
Virtualbox (http://www.spi.dod.mil/lipose.htm).

Jim MacDonald
jim@macdonald.org

On Jun 27, 2010, at 10:01 PM, Robert Sprowl wrote:

> Not sure what you are looking for, but I am currently supporting a .MIL
> network segment in AK, which the .MIL appears to be the world's largest PKI
> infrastructure mostly to support CAC-PKI authentication
>
> Have you checked out Wikipedia
> http://en.wikipedia.org/wiki/Common_Access_Card - Mostly accurate
> information and there are some useful links there as well
>
> For MIL Apple OS-X systems, http://www.thursby.com/ is supplying Active
> Directory and CAC-PKI support
>
> I have seen some resources for Linux published, however I have not actually
> investigated them
>
> http://www.smartcardbasics.com/ is an interesting overview of smart
> card/chip card technology
>
> The http://www.smarttoolz.com/ is a site by Cardlogix
> http://www.cardlogix.com/products/ which has developer tools
>
> - Robert
>
> -----Original Message-----
> From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf Of
> Christopher Howard
> Sent: Friday, June 25, 2010 5:41 PM
> To: Alaska Linux Users Group
> Subject: [aklug] Common Access Cards - Technical Aspects
>
> I'm working on a scripting project at work right now relating to CACs.
> Does anyone on the list happen to have some theoretical or practical
> knowledge of how CACs work?
>
> I'm reading through the government's official GSC Interoperability
> Specification and the ICC requirements. But it would be nice to be able to
> throw a few questions and thoughts back and forth on the list.
>
> (Humorous side note: I did a word count on a random page of the GSCIS,
> and discovered that there were ten acronyms on the page for every real
> word. Let me tell you, that makes for some exciting reading...)
>
> --
> Christopher Howard
> http://indicium.us
> http://theologia.indicium.us
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.

Received on Sun Jun 27 23:00:59 2010

This archive was generated by hypermail 2.1.8 : Sun Jun 27 2010 - 23:00:59 AKDT