[aklug] Re: Common Access Cards - Technical Aspects

From: Christopher Howard <choward@indicium.us>
Date: Mon Jun 28 2010 - 10:28:11 AKDT

On 06/28/2010 06:47 AM, James Zuelow wrote:
> On Sunday, June 27, 2010, Robert Sprowl wrote:
>
>>
>> The biggest win is that password reset issues are a thing of the past.
>>
>> - Robert
>>
>
> Unless you have to reset your card's PIN. Administrative stations that can
> reset a DOD PIN aren't common, which can make it difficult if a user locks
> their card out on a weekend or away from an office that can reset it.
>
> Since I think we're talking about a hypothetical personal CAC system, make
> sure you have a way to administer your cards without requiring one to log in.
> Or I suppose if you only have one computer and wanted to require a CAC to log
> onto it, you could keep a "root" CAC with no PIN safely locked away somewhere.
>
> James.
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>

Well, now that I see there are a few people on the list who are
knowledgeable about CACs, I'll be more specific about what I'm doing. We
already use CACs here at work, and some people need them to be able to
access some of the government web sites we use.

The problem is that some people here want to be able to automate/script
downloads from sites that require CAC cards for access. So I need to do
some kind of scripting to allow the command-line client cURL to be able
to use CAC card certificates, and specifically on the Mac OS X platform.

My working approach is to use the Mac OS X keychain utility, which is (as
far as I can tell) where the certificates are stored temporarily while
they are being used by the (Safari) web browser to access the
CAC-enabled web site. I'm hoping I can just pull the certificates out of
keychain via the "security" utility, and feed them straight into cURL.

--
Christopher Howard
http://indicium.us
http://theologia.indicium.us

Received on Mon Jun 28 10:28:20 2010

This archive was generated by hypermail 2.1.8 : Mon Jun 28 2010 - 10:28:20 AKDT