manpagez: man pages & more
man SmartCardServices-legacy(7)
Home | html | info | man

SmartCardServices... BSD Miscellaneous Information Manual SmartCardServices...


NAME

     SmartCardServices-legacy -- overview of legacy SmartCard support


DESCRIPTION

     SmartCardServices-legacy is a set of components which add native support
     for SmartCards to OS X based on Tokend modules. Since OS X 10.12, there
     is  SmartCard support which is described in SmartCardServices(7)

     Supported SmartCards appear as separate keychains.  A Tokend module for
     each SmartCard you wish to use must be installed in
     /Library/Security/tokend


USB SMART CARD READER DRIVERS

     OS X has built-in support for USB CCID class-compliant SmartCard readers.
     For other readers, install the reader driver in
     /usr/local/libexec/SmartCardServices/drivers.  Each driver is a bundle.
     The bundle contains an XML file Info.plist which contains the device's
     USB vendor ID and product ID.  For detailed description of the plist for-
     mat and how to write a reader driver, see
     http://pcsclite.alioth.debian.org/api/group__IFDHandler.html


SMART CARD APDU LOGGING

     It is possible to turn on logging for SmartCards by setting the global
     preference:

     sudo defaults write /Library/Preferences/com.apple.security.smartcard
     Logging -bool yes

     After a SmartCard reader is connected (or after reboot) all operations
     including contents of sent and received APDU messages are then logged
     into the system log.  Logging uses the facility com.apple.security.smart-
     card.log so it is possible to set up filtering of these logs into custom
     targets (see asl.conf(5))

     To avoid security risks that could occur if logging is turned on indefi-
     nitely, the logging setting is one-shot - it must be turned on by the
     command above to start logging again with a new reader.  This includes
     unplugging and replugging the same reader.


DISABLING NEW SMART CARD SUPPORT

     It is possible to turn of the new tokens by setting the global prefer-
     ence:

     sudo defaults write /Library/Preferences/com.apple.security.smartcard
     DisabledTokens -array com.apple.CryptoTokenKit.pivtoken


DISABLING SHEET AUTHORIZATION IN PREFERENCES

     When using tokend-based SmartCards, according to your configuration you
     may not be able to use SmartCards for authorization in System Preferences
     sheets. In such case, you can disable sheets using following command:

     defaults write com.apple.Preferences UseSheets -bool FALSE

     System Preferences will then use the original dialog-based authorization.


ENTITLEMENT

     Sandboxed PCSC clients require 'com.apple.security.smartcard=YES' enti-
     tlement. Non-sandboxed PCSC clients do not require such entitlement (in
     order to keep backward compatibility with macOS < 10.10).


SEE ALSO

     SmartCardServices(7), sc_auth(8), defaults(1), asl.conf(5),
     ssh-keychain(8)

Mac OS X                        August 5, 2014                        Mac OS X

Mac OS X 10.13.1 - Generated Thu Nov 9 15:53:24 CST 2017
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.