Setting up fscp to use other directories – Apple Federal Smart Card Package User Manual


FSCP Installation and Setup Guide


Setting Up FSCP to Use Other Directories

To authenticate a user when he or she logs in, FSCP gets information from the Common
Access Card and sends it to Open Directory. Open Directory uses this information to look up
the user record from the local NetInfo directory service and returns it to FSCP, which then
passes the record to Mac OS X to finish the login process.

You can also use user accounts in an existing directory service, such as LDAP or Active
Directory, to authenticate access to computers on your network. To do this, you make
changes to the userLookupConfig.plist file installed by FSCP. This file specifies the search
information necessary to look up the user record.

The userLookupConfig.plist file is in the SCLoginPlugin.bundle, which is located here:

/System/Library/CoreServices/SecurityAgentPlugins/

Here is the full pathname for the file:

/System/Library/CoreServices/SecurityAgentPlugins/SCLoginPlugin.bundle/Contents/Resources/userLookupConfig.plist

Note: To see the contents of SCLoginPlugin.bundle, hold down the Control key and click
the SCLoginPlugin.bundle icon, then choose Show Package Contents from the menu. In the
window that opens, double-click the Contents folder, then the Resources folder.

The file specifies the search information as a series of XML key and value pairs. You change
these pairs to specify the information to get from the Common Access Card to use for the
search, the format of the search string, and the key for your directory service.

You can use any XML editor to change the userLookupConfig.plist file. Because the file is
located in the Mac OS X System folder, you need to log in as root to change it.
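Because this file controls how card data is mapped to a user record at login, it is worth checking after each edit that it is still well-formed and still writable only by root. The following Python check is an added example, not part of the Apple manual or of FSCP; the expected owner (uid 0) and the top-level dictionary are assumptions drawn from the text above, and the function name is hypothetical.

```python
import os
import plistlib
import stat

# Full pathname as given in this guide.
PLIST_PATH = ("/System/Library/CoreServices/SecurityAgentPlugins/"
              "SCLoginPlugin.bundle/Contents/Resources/userLookupConfig.plist")


def audit_lookup_plist(path=PLIST_PATH, expected_uid=0):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    try:
        st = os.lstat(path)  # lstat so a symlink is reported, not followed
    except OSError as exc:
        return ["cannot stat file: %s" % exc.strerror]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or special file)"]
    # Assumption: the file should stay owned by root, since the guide
    # says root is required to change it.
    if st.st_uid != expected_uid:
        findings.append("owner uid is %d, expected %d"
                        % (st.st_uid, expected_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is group- or world-writable")
    # A hand-edited file with broken XML would not parse as a plist.
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception as exc:
        findings.append("not a well-formed plist: %s" % type(exc).__name__)
        return findings
    # Assumption: the key and value pairs sit in a top-level dictionary.
    if not isinstance(data, dict):
        findings.append("top-level plist object is not a dictionary")
    return findings


if __name__ == "__main__":
    for line in audit_lookup_plist() or ["OK"]:
        print(line)
```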

Sphinx Page 11 Tuesday, January 14, 2003 12:53 PM
