Centrify Express For Smart Card
Demo showing different aspects of Centrify: logging in with a smart card on both Mac and Linux, using Kerberos to SSO to a Unix machine, doing privilege elevation on both Unix and Windows.

Enabling Smart Card Login for Mac OS X using Centrify 2012.4
Planning and Preparation: Centrify has several versions of their product, but the free Express version does not support smart card logon. The standard version or higher is required for Mac smart.

Smart cards provide an enhanced level of security for Red Hat Linux computers when users log on to Active Directory domains. If you use a smart card to log on, authentication requires a valid and trusted root certificate or intermediate root certificate that can be validated by a known and trusted certification authority (CA).

Demo of installing a Centrify Server Suite Standard Mac agent. Centrify Mac joined to AD w/ Auto Zone and Smart card.
Centrify Express Mac
- Connect a Smart Card reader to the Mac.
  - If a reader still needs to be purchased, more information is available in the PKI Tutorials section of Security Endeavors.com under Use a Cert > Home Use > Get A Reader
  - Allow a few moments for drivers to be loaded when newly connecting any reader
- Install the DoD Root Chains to trust and use the CAC/PIV certificates
  - Close Safari
  - Open Applications, then open the Utilities folder and double-click Keychain Access
  - Select File > Add Keychain
  - Click the Keychains drop down and select the hard drive icon to go to the top level of the disk
  - Navigate to System > Library > Keychains
  - Select SystemCACertificate.keychain, then click Add
  - Enter your Keychain password if asked to do so (same as login in most cases)
  - Close the Keychain window
  - Credit for steps goes to Centrify.com (source: http://www.centrify.com/downloads/products/documentation/mac-smart-smartcard/1.0.0/wwhelp/wwhelp/wwhimpl/js/html/wwhelp.htm#href=SCE_DownloadCert.html)
  - Launch Safari again and proceed to the next step
- Download and install OpenSC (Open Smart Card), the software that lets applications like Safari talk to the certificates on a CAC/PIV token
  - The latest OS X installers are at https://www.opensc-project.org/files/macosx/
  - Please consider reading more about Open Smart Card for OS X
    - https://www.opensc-project.org/opensc/wiki/MacInstaller
    - Hosts technical information and answers some questions
  - Download the topmost listed file by clicking on it once. When downloaded:
    - Double click the .DMG file to have OS X present its contents
    - Double click the PKG file in the window that opens to launch the installer
    - Select all of the defaults, changing none of the options, and follow the prompts
    - Enter the system Password (same as login) if asked.
    - Close the installer when finished
  - Close and re-launch Safari now that Open Smart Card is loaded
- Time to try it out!
- Using Certificates:
  - Launch Safari with a Reader connected and a Smart Card inserted
  - Navigate to https://www.my.af.mil
  - Click the Agree button
  - Enter the PIN in the window that is presented
  - The Portal page will open (for AF personnel)
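
The root chain step above matters because a card certificate is accepted only when it chains to a root the machine already trusts. The script below is an added example, not taken from Centrify or OpenSC documentation: it builds a throwaway PKI with the openssl command-line tool (assumed to be installed) and shows one card certificate validating against an installed root while another, issued by a root that was never installed, is rejected. All CA names, file names and certificates in it are constructed test data.

```shell
#!/bin/sh
# Added example. Every certificate and name below is constructed test data.
# chain_status CA_BUNDLE CERT: prints "trusted" if CERT chains to a root in CA_BUNDLE.
chain_status() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# make_ca DIR NAME: self-signed CA certificate DIR/NAME.pem with key DIR/NAME.key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/demo.cnf" \
        -extensions ca_ext -subj "/CN=Constructed $2 CA" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA NAME: certificate DIR/NAME.pem issued by the CA called CA.
make_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
        -subj "/CN=constructed.$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -set_serial 1 -days 2 -out "$1/$3.pem" 2>/dev/null
}

# make_demo_pki DIR: an installed root, a root that was never installed,
# and one card certificate issued by each.
make_demo_pki() {
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = Common Name
[ca_ext]
basicConstraints = critical,CA:TRUE
EOF
    make_ca "$1" installed && make_ca "$1" missing &&
    make_leaf "$1" installed card1 && make_leaf "$1" missing card2
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pki "$dir" || { rm -rf "$dir"; return 1; }
    echo "card1 against installed root: $(chain_status "$dir/installed.pem" "$dir/card1.pem")"
    echo "card2 against installed root: $(chain_status "$dir/installed.pem" "$dir/card2.pem")"
    rm -rf "$dir"
}
demo
```

On a real system the bundle passed to `chain_status` would be an export of the installed root chain, and the certificate would be the one read from the card.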