-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
epass2003 tokend MacOS 10.12 #29
Comments
Try https://github.com/mouse07410/OpenSC.tokend.git - you're likely to have better success. I'm using this tokend on 10.11.6 and 10.12.1 with 100% success. ;-) I must add that the tokend I'm using has been extensively tested and enhanced for PIV cards, but I conjecture that it would work with epass2003. |
wow- after fighting with openssl a bit, i did get a copy to build, and it seems to work using our tokens under 10.12.1. Very nice- thanks for the pointer! (edit removing the bit about contributing back to mainline: I see the pull request, thanks! ) |
@bmwt, this tokend is maintained as a parallel fork. It tracks the mainline fixes if and when they appear (which nowadays isn't highly likely). The owners of the mainline package decided not to merge it back then. I was disappointed at first, couldn't care less now.
Tokend is not deprecated (unless you mean CDSA-based tokend, like these :). Apple, starting with Sierra, returned to providing its own tokend - based on their new CTK (named Luckily, Sierra allows operations in Legacy mode: you disable And of course, we never know - perhaps with 10.13 or 10.14 |
ahh, i thought CTK was a replacement for tokend, and that tokend was going away. This clarifies quite a bit- all the information i was looking for, but couldn't find. Much, much appreciated- we'll just continue to follow your fork until apple decides to throw something else our way. |
The tokend driver doesn't appear to be working for us under 10.12 or 10.12.1. The token (epass2003) does appear in keychain access, but attempts to use the certificate on the device seem to fail. Our use case is a vpn client (globalprotect), but we're unable to get the certificate to work even in stock safari when connecting to a certificate authenticated website (eliminating the vpn client as the culprit). The same setup works just fine with 10.11. WIth a working 10.11 setup, upgrading to 10.12 makes it stop working. We've tried both the binary version of OpenSC with the driver (0.16), as well as a package compiled from git source (b1aa790).
non-tokend (ssh with opensc-pkcs11.so) works just fine.
The text was updated successfully, but these errors were encountered: