[aklug] Re: Common Access Cards - Technical Aspects

From: James Zuelow <James_Zuelow@ci.juneau.ak.us>
Date: Mon Jun 28 2010 - 11:13:57 AKDT

----Original Message----
From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf
Of Royce Williams Sent: Monday, June 28, 2010 10:55 AM
To: aklug@aklug.org
Subject: [aklug] Re: Common Access Cards - Technical Aspects

> Christopher Howard said, on 06/28/2010 10:28 AM:
>> The problem is that some people here want to be able to
>> automate/script downloads from sites that require CAC cards for
>> access. So I need to do some kind of scripting to allow the
>> command-line client cURL to be able to use CAC card certificates,
>> and specifically on the Mac OSX platform.=20
>=20
> I have no exposure to this topic other than this thread, so pardon
> this=20
> naive question, and take it with a big salt lick:
>=20
> Aren't these users effectively asking you, "Please create unattended
> login for a system designed to require attended login" ?
>=20

I might be wrong, but I don't think that the cards
will allow you to save ALL of the security tokens
available to the card. So Christopher can't just
clone the card onto disk and use that to script
downloads at 3AM when nobody is there.

He should be able to script access to the card so
that his users can put the card into the reader=20
and run a script to grab their downloads without
having to go to each page individually. I can
see how that would be useful and disireable. But
It won't work if the card isn't inserted into a
reader.

At least I hope not, or the whole concept of a
CAC is broken. :)

James Zuelow=
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Jun 28 11:14:05 2010

This archive was generated by hypermail 2.1.8 : Mon Jun 28 2010 - 11:14:05 AKDT