Installation Steps
The Smartcard Services software is already included in Mac OS X 10.6 (Snow Leopard) and below, but it may need some additional configuration. For Mac OS X 10.7 (Lion) and above, you need to download and install the software from the official website. Follow the steps below according to your version of Mac OS X.
For Mac OS X 10.7 (Lion) and above
Download the installer for your version of Mac OS X from the Installers section of the Smartcard Services website.
Unzip the installer and launch the unzipped (.pkg) file.
Click Continue through the Introduction and Read Me sections.
On the Destination Select screen, select Install for all users of this computer and click Continue.
Click Continue and then click Install on the Installation Type screen.
Enter your password and click Install Software to complete the installation.
Click Close to close the installer.
For Mac OS X 10.6 (Snow Leopard) and below
Navigate in Finder to Go > Utilities and launch Keychain Access.app.
If the SystemCACertificates keychain is loaded in Keychain Access, skip to step 6. Otherwise, continue with step 3.
From Keychain Access, go to File > Add Keychain.
Select Hard Disk from the drop-down menu and navigate to System > Library > Keychains > SystemCACertificates.keychain.
Select Add.
The Smartcard Services software is now installed and ready to use.
Usage Steps
To use a smart card on your Mac, you need to pair it with your local user account or configure it to work with a directory service, such as Active Directory. The default method of smart card usage on Mac computers is to pair a smart card to a local user account; this method occurs automatically when you insert your card into a card reader attached to your computer. You can also use attribute mapping with Active Directory to authenticate your smart card against a directory service. Follow the steps below according to your preferred method of smart card usage.
Local account pairing
Insert a PIV smart card or hard token that includes authentication and encryption identities into a card reader attached to your computer.
Select Pair at the notification dialog that appears on your screen.
Provide administrator account credentials (user name/password).
Provide the 4â6 digit personal identification number (PIN) for the inserted smart card.
Log out and use the smart card and PIN to log back in.
Your smart card is now paired with your local user account and can be used for various purposes, such as accessing PK-enabled websites or encrypting your data with FileVault.
Attribute mapping with Active Directory
To use this method, you need to have an Active Directory bound system and set appropriate matching fields in the file /private/etc/SmartcardLogin.plist. This file must have world-readable permissions to function properly. You can use any of the following fields in the PIV Authentication certificate to map attributes to corresponding values in the directory account: Common Name, RFC 822 Name (email address), NT Principal Name, Organization, OrganizationalUnit:1, OrganizationalUnit:2, OrganizationalUnit:3, or Country. You can also concatenate multiple fields to produce a matching value in the directory.
Before you can use this feature, you need to turn off the local pairing dialog by opening the Terminal app and typing: sudo defaults write /Library/Preferences/com.apple.security.smartcard UserPairing -bool NO. Then enter your password when prompted.
As soon as your Mac is configured, insert a smart card or token into a card reader attached to your computer to create a new user account. You will be prompted to enter your PIN and create a unique keychain password that is wrapped by the encryption key in the smart card.
Your smart card is now configured to work with Active Directory and can be used for various purposes, such as accessing PK-enabled websites or encrypting your data with FileVault.
Conclusion
Smart cards are useful devices that can enhance the security and convenience of your Mac. By following the installation and usage instructions in this article, you can set up and use a smart card on Mac OS Sierra 10.2.6. For more information and support, you can visit the Smartcard Services website or the Apple Support website.
a104e7fe7e