Setting login options, Getting the identifier for a common access card – Apple Federal Smart Card Package User Manual


FSCP Installation and Setup Guide


Setting Login Options

Mac OS X is set up to log in automatically as the user you create when you set up Mac OS X.
Before using a Common Access Card to log in to your computer, you need to turn off
automatic login. To reduce the possibility of someone circumventing the security of your
computer, you can hide the Restart and Shut Down buttons that appear in the login window.

To change login options:

1. Open System Preferences and click Accounts.

2. Make sure you have deselected the “Log in automatically” checkbox.

3. To hide the Restart and Shut Down buttons in the login window, click Login Options and
   select the checkbox.

Getting the Identifier for a Common Access Card

For a user to authenticate using a Common Access Card, you must associate the user’s
account with the card by adding the card’s Electronic Data Interchange (EDI) Identifier to
the user account. The identifier is a ten-digit number stored on the card. You get this number
using the ReadCAC application.

To get the EDI Identifier:

Open the ReadCAC application in the Smartcard folder (in Utilities), then insert the smart
card in the reader and enter the PIN for the card.

The identifier appears with the label “DoD EDI Identifier” in the ReadCAC window.

FSCP saves the EDI Identifier for each card used with the computer in a file named
CACRecords.txt, which is in your Documents folder.

Adding the EDI Identifier to a Mac OS X User Account

If you use Mac OS X user accounts for smart card authentication, you can use the cac_addid
command in Terminal to add the EDI Identifier to the user account.

Note: If you are using a different directory service, you do not need to do this step.

Open Terminal (in Utilities) and execute this command (as root):

cac_addid username ID

The username is the short name for the user account and ID is the identifier.

If you’re familiar with NetInfo Manager (in Utilities), you can use it to add the identifier to the
user account. Open the application and in the columns at the top of the window, select
“users” and then select the user account name. Choose New Property from the Directory
menu. In the Property column, type “_DoD_EDI_Identifier”. In the Value(s) column, type
the identifier for the card. Choose Save Changes from the Domain menu.
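
The following is an added example, not part of the FSCP manual or Apple's tools: a pre-flight check that vets a batch of short-name and identifier pairs before any cac_addid command is run as root. The input format, the function names, the short-name rule and the sample values are assumptions; only the cac_addid username ID syntax and the ten-digit identifier length come from the text above.

```shell
# Added example: vet "shortname ID" pairs before running cac_addid as root.
# The input format, function names and sample values are assumptions.

# Constructed sample input, one "shortname EDI-identifier" pair per line.
SAMPLE_PAIRS='jsmith 1234567890
mdoe 0987654321
bad1 12345
rroe 1234567890'

# The EDI Identifier is a ten-digit number: digits only, length exactly 10.
valid_edi_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -eq 10 ]
}

# Conservative short-name check (an assumption, not an FSCP rule): letters,
# digits, "_", "." and "-" only, and no leading "-" that could read as an option.
valid_short_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Reads pairs on stdin. Prints one cac_addid command per accepted pair on
# stdout and a REJECT line per refused pair on stderr; returns 1 on any reject.
plan_cac_addid() {
    seen=' '
    rc=0
    while read -r user id extra; do
        [ -z "$user" ] && continue
        if [ -n "$extra" ] || ! valid_short_name "$user" || ! valid_edi_id "$id"; then
            echo "REJECT $user: bad short name or identifier not ten digits" >&2
            rc=1; continue
        fi
        case "$seen" in
            *" $id "*)   # same card identifier already given to another account
                echo "REJECT $user: identifier $id already assigned" >&2
                rc=1; continue ;;
        esac
        seen="$seen$id "
        echo "cac_addid $user $id"
    done
    return "$rc"
}

printf '%s\n' "$SAMPLE_PAIRS" | plan_cac_addid ||
    echo "some pairs were rejected; fix the input before running anything" >&2
```

The script only prints the commands it would accept; review the output and run the cac_addid lines yourself in a root shell.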

Sphinx Page 3 Tuesday, January 14, 2003 12:53 PM
