Smart Card Reader Driver Mac Os X
This article is intended for system administrators who set security policy in enterprise environments that require smart card authentication.
- Mac Smart Card Reader Software
- Epson Drivers Mac Os X
- Mac Os Driver Download
- Smart Card Reader Driver Mac Os X
Enable smart card-only login
Acsccid is a PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card readers. This library provides a PC/SC IFD handler implementation and communicates with the readers through the PC/SC Lite resource manager (pcscd). Acsccid is based on ccid. See CCID free software driver for more information. Oct 20, 2014 Macbook Air running OS X 10.10 Yosemite; Getting the PIV card to work on 10.10 Yosemite. Verify your reader works Attach your reader, use the OS X “About this Mac” - “System Report” function to verify that your computer and OS actually see and recognize a smart card device: Buy and install the PKard software. Launch OS X Keychain Assistant. OS X will self-install an EMV Smart Card reader driver automatically. To determine if these readers are properly installed go to: / About This Mac / System Report. / Hardware / USB. An 'EMV Smartcard Reader' device should be present.
Readme for the PC USB Mac OS X Panther PC/SC CCID driver updated: 2019-02-01 10:35:27 GemPCTwinPCSCInstaller32bits for Windows 95, 98, 98se, ME, NT4 - English version. 23084 - Smart Card Reader IT #23084. There is no driver. There is no driver needed for this device. Once the device is connected, Windows OS installs a built-in driver for it. Make sure your system is up to date following the instructions from the website www.windowsupdate.com. In OS X 10.10 Yosemite this readder is supported by Apple driver, so there is no need to install another driver. To use Todos Argos Mini II you have to install the driver. Depends on what version of Mac OS X you use install the following: Driver for Mac OS X 10.6; Driver for Mac OS X 10.5; Install Smart Card driver.
Make sure that you carefully follow these steps to ensure that users will be able to log in to the computer.
- Pair a smart card to an admin user account or configure Attribute Matching.
- If you’ve enabled strict certificate checks, install any root certificates or intermediates that are required.
- Confirm that you can log in to an administrator account using a smart card.
- Install a smart-card configuration profile that includes '<key>enforceSmartCard</key><true/>,' as shown in the smart card-only configuration profile below.
- Confirm that you can still log in using a smart card.
For more information about smart card payload settings, see the Apple Configuration Profile Reference.
For more information about using smart card services, see the macOS Deployment Guide or open Terminal and enter man SmartCardServices
.
Disable smart card-only authentication
If you manually manage the profiles that are installed on the computer, you can remove the smart card-only profile in two ways. You can use the Profiles pane of System Preferences, or you can use the /usr/bin/profiles command-line tool. For more information, open Terminal and enter man profiles
.
If your client computers are enrolled in Mobile Device Management (MDM), you can restore password-based authentication. To do this, remove the smart card configuration profile that enables the smart card-only restriction from the client computers.
To prevent users from being locked out of their account, remove the enforceSmartCard profile before you unpair a smart card or disable attribute matching. If a user is locked out of their account, remove the configuration profile to fix the issue.
If you apply the smart card-only policy before you enable smart card-only authentication, a user can get locked out of their computer. To fix this issue, remove the smart card-only policy:
- Turn on your Mac, then immediately press and hold Command-R to start up from macOS Recovery. Release the keys when you see the Apple logo, a spinning globe, or a prompt for a firmware password.
- Select Disk Utility from the Utilities window, then click Continue.
- From the Disk Utility sidebar, select the volume that you're using, then choose File > Mount from the menu bar. (If the volume is already mounted, this option is dimmed.) Then enter your administrator password when prompted.
- Quit Disk Utility.
- Choose Terminal from the Utilities menu in the menu bar.
- Delete the Configuration Profile Repository. To do this, open Terminal and enter the following commands.
In these commands, replace <volumename> with the name of the macOS volume where the profile settings were installed.rm /Volumes/<volumename>/var/db/ConfigurationProfiles/MDM_ComputerPrefs.plist
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/.profilesAreInstalled
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Settings/.profilesAreInstalled
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Store/ConfigProfiles.binary
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Setup/.profileSetupDone
- When done, choose Apple () menu > Restart.
- Reinstall all the configuration profiles that existed before you enabled smart card-only authentication.
Configure Secure Shell Daemon (SSHD) to support smart card-only authentication
Users can use their smart card to authenticate over SSH to the local computer or to remote computers that are correctly configured. Follow these steps to configure SSHD on a computer so that it supports smart card authentication.
Update the /etc/ssh/sshd_config file:
- Use the following command to back up the sshd_config file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup_`date '+%Y-%m-%d_%H:%M'`
- In the sshd_config file, change '#ChallengeResponseAuthentication yes' to 'ChallengeResponseAuthentication no' and change '#PasswordAuthentication yes' to '#PasswordAuthentication no.'
Then, use the following commands to restart SSHD:
sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd
If a user wants to authenticate SSH sessions using a smart card, have them follow these steps:
- Use the following command to export the public key from their smart card:
ssh-keygen -D /usr/lib/ssh-keychain.dylib
- Add the public key from the previous step to the ~/.ssh/authorized_keys file on the target computer.
- Use the following command to back up the ssh_config file:
sudo cp /etc/ssh/ssh_config /etc/ssh/ssh_config_backup_`date '+%Y-%m-%d_%H:%M'`
- In the/etc/ssh/ssh_config file, add the line 'PKCS11Provider=/usr/lib/ssh-keychain.dylib.'
If the user wants to, they can also use the following command to add the private key to their ssh-agent:
ssh-add -s /usr/lib/ssh-keychain.dylib
Enable smart card-only for the SUDO command
Use the following command to back up the /etc/pam.d/sudo file:
sudo cp /etc/pam.d/sudo /etc/pam.d/sudo_backup_`date '+%Y-%m-%d_%H:%M'`
Then, replace all of the contents of the /etc/pam.d/sudo file with the following text:
Enable smart card-only for the LOGIN command
Use the following command to back up the /etc/pam.d/login file:
sudo cp /etc/pam.d/login /etc/pam.d/login_backup_`date '+%Y-%m-%d_%H:%M'`
Then, replace all of the contents of the/etc/pam.d/login file with the following text:
Enable smart card-only for the SU command
Use the following command to back up the /etc/pam.d/su file:
sudo cp /etc/pam.d/su /etc/pam.d/su_backup_`date '+%Y-%m-%d_%H:%M'`
Then, replace all of the contents of the/etc/pam.d/su file with the following text:
Sample smart card-only configuration profile
Here’s a sample smart card-only configuration profile. You can use it to see the kinds of keys and strings that this type of profile includes.
- 4Driver for readers
- 5Install Smart Card driver
General
In several places in this instruction you have to run a command in Terminal. You can start Terminal from Applications/Utilities or you can write Terminal in Spotlight.
The text writen this way are commands, which you have to run in Terminal. You dont have to write them just copy them with the clipboard. To work correctly commands which starts with sudo,is nessesary for you to have a password for the user. If you don't have set a temporary one during the settings. After you use one of the commands you will be propted for password.
What is nessesary to work with digital signature
In order to use your digital sigature is nessesary to install the driver for the smart card reader, the middleware for the smart card and the service for smart card resders (pcscd) running. The service pcscd must start automatically when you plug a reader.
System requerments
The software requered to work with certificates on Mac, supports Mac OS X 10.5 or newer.
Sep 06, 2019 Install macOS using Internet Recovery Mode Internet Recovery mode can take a long time to start, depending on your connection. The simplest way to install macOS or OS X on a new hard drive is by using Internet Recovery Mode. This mode is only available on Apple computers made after 2009 that were running OS X Lion or later.
Support for 10.5 is paritial. All needed drivers work on 10.5 but InfoNotary software for signing of documents and card management does not.
Driver for readers
ACR 38C
If the your reader is labeled with ACR38C-SPC-R at the bottom, have a sign SIMLector 38T on the inside or a sign mLector-S, then your device works with the build in driver in the OS and you don't have to install any drivers.
ACR 38U
Reader that are labeled ACR 38U,are not compatible with this driver, so if you use such a device you have to install driver from the site of the manifactorer.
Omnikey (HID Global)
Mac Smart Card Reader Software
For you to use OmniKey CardMan, you have to install the driver from HID Global for your version of OS X:
- Driver for 10.6 - 10.10.
- Driver for 10.11 El Capitan.
After update of the OS X you have to install the drivers again.
Bit4id miniLector-S
If your reader is labeled with miniLector-S you must install this driver -driver for miniLector-S for OS X from 10.6 to 10.9 inclusive.
In OS X 10.10 Yosemite this readder is supported by Apple driver, so there is no need to install another driver.
Todos
To use Todos Argos Mini II you have to install the driver. Depends on what version of Mac OS X you use install the following:
Install Smart Card driver
Depend of the model of your card you have to use different software. The model of the card is on the Personal Access Rights, which you receive with your card. In case your model is „T&S DS/2048 (L)“, you have to install Bit4id Universal Middleware from you installation CD. If the model is „CardOS V4.3B (C)“, you have to install OpenSC.
Incase you dont have Personal Access Rights, you can check your card model with this command pcsctest from terminal. She will ask you for the reader number, you have to press 1. If there is no problem with the reader installation you will get a row beginning with „Current Reader ATR Value“. Against this text is an indetifier for the card.
- For T&S DS/2048 the indentidier is „3B FF 18 00 FF 81 31 FE 55 00 6B 02 09 03 03 01 11 01 43 4E 53 11 31 80 8C“.
- For CardOS V4.3 the indentidier is „3B F2 18 00 02 C1 0A 31 FE 58 C8 08 74“.
Installation of Bit4id Universal Middleware
To use Bit4id on Mac OS X, you must install Bit4id Universal Middleware. You can find it on the installation CD, in folder Install/MacOSX. to work with Firefox и Thunderbird, you have to install Bit4id Cryptoki Libraries 1.2.12.pkg, and for integration with the OS and the other programs for Mac OS X - bit4id-tokend-ts-en-1.2.9.0.pkg.dmg.
In case you have to register the PKCS#11 module на Bit4id in a program different from Firefox, Thunderbird or InfoNotary Smart Card Manager you have to specify a path - /System/Library/bit4id/cryptoki/libbit4ipki.dylib.
After the installation continue with configuration Firefox or Safari.
Note: In case you didn't receive a CD or your laptop doesn't have a CD drive, please write to support@infonotary.com , and we will send you the drivers.
Download and install OpenSC
To use your certificate on OSX you must install OpenSC. With OpenSС you dont install any program with graphic interface so you wont find anything in Applications. You can download the latest version for your OS from here:
- For Mac OS X 10.9 and newer.
- For Mac OS X 10.8.
- For Mac OS X 10.7.
- For Mac OS X 10.6.
- For Mac OS X 10.5.
In case you have to register the PKCS#11 module на Bit4id in a program different from Firefox, Thunderbird or InfoNotary Smart Card Manager you have to specify a path - /Library/OpenSC/lib/onepin-opensc-pkcs11.so.
After the installation continue with configuration Testing Installation or Firefox and Safari.
Use both OpenSC and Bit4id Universal Middleware
In case you want to use both OpenSC and Bit4id Universal Middleware on the same computer you have to forbid OpenSC to access T&S DS/2048 smart cards. The easiest way to do it is to use following program:
- Disable Bit4id cards in OpenSC.
If you prefer to do it manually you can find instructions on OpenSC page.
Testing Installation
If you have problem using your certificate, you can run the following program to identify it:
It can send information directly to us. After report is accepted, it will show nine digit number, that can be used by our support team to see test result. If you do not have Internet connection or direct sending failed, you can save report and send it to support@infonotary.com.
Reader and card should be connected to the computer when test program is started.
Uninstall
OpenSC can be uninstalled with this program - OpenSC uninstaller.
Epson Drivers Mac Os X
Bit4id Universal Middleware can be uninstaled, by running the program Uninstaller from the folder /System/Library/bit4id.
Documentation
Documentation for OpenSC is available on Internet or in folder /Library/OpenSC/doc/ after the installation.
Mac Os Driver Download
On the page Working with OpenSC you can find instruction for th most common operation with OpenSC.