[aklug] Re: Common Access Cards - Technical Aspects

From: Royce Williams <royce@alaska.net>
Date: Mon Jun 28 2010 - 10:54:32 AKDT

Christopher Howard said, on 06/28/2010 10:28 AM:
> The problem is that some people here want to be able to automate/script
> downloads from sites that require CAC cards for access. So I need to do
> some kind of scripting to allow the command-line client cURL to be able
> to use CAC card certificates, and specifically on the Mac OSX platform.

I have no exposure to this topic other than this thread, so pardon this
naive question, and take it with a big salt lick:

Aren't these users effectively asking you, "Please create unattended
login for a system designed to require attended login" ?

As I see it, there are two possibilities:

1. These downloads have a security level that makes automated
downloading OK (at which point you could set up something on the source
side that doesn't require CAC).

2. The downloads are *not* at a lower level of security (at which point
automating the downloads is Not Cool).

If the download source is not under an administrative control with which
you have a relationship, #1 may not be an option ... but in general, I
smell a deeper contradiction that needs resolving.

Of course, in practical terms, such contradictions often have to be
lived with rather than exorcised. If so, my sympathies. :-/

Royce
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Jun 28 10:54:37 2010

This archive was generated by hypermail 2.1.8 : Mon Jun 28 2010 - 10:54:37 AKDT