When it comes to installing your new CAC reader onto your home computer, there’s a doubt that installing on Mac is much more complicated. Often, you’ll need to install a CAC Enabler just for your Mac to recognize the hardware. But don’t worry in this handy guide, we’ll walk you through how to install a CAC enabler for Mac and which one to choose.

1. Usb Smart Card Reader Patch For Mac Os X Update
2. Usb Smart Card Reader Patch For Mac Os X Download

LANMU CAC Smart Card Reader,DOD Military USB Common Access Card Reader/ID Card/IC Bank Card Reader, USB Smart Card Reader Compatible with Windows (32/64bit) XP/Vista/7/8/11, Mac OS X Brand: LANMU 4.1 out of 5 stars 34 ratings. SCR331/SCR3310 Contact Smart Card Reader. Part No: 904334, 905185. ISO 7816 compliant, small, ergonomic USB smart card reader with bottom side mounting holes. Feature: DOD Military CAC USB Smart Card Reader for CAC Cards, Government ID, National ID, ActivClient, AKO, OWA, DKO, JKO, NKO, BOL, GKO, Marinenet, AF Portal, Pure Edge Viewer, ApproveIt, DCO, DTS, LPS, Disa Enterprise Email etc. Compatible with windows (32/64bit) XP/Vista/ 7/8/10, Mac OS X Support Card types: 5V, 3V and 1.8V Smart Cards, ISO 7816 Class A, B and C. Saicoo Smart Card Reader DOD Military USB Common Access CAC, compatible with Mac OS, Win - Vertical version: Amazon.in: Computers & Accessories. Multifunctional Smart Card Reader Driver for all models which base on the Realtek RT5169 IC Solution, this series card reader build-in SD Card slots. Check your Smart Card Reader Slot before downloading the Driver, make sure download the correct version driver. Snow Leopard (10.6.x) and later. Mac OS X Snow Leopard (10.6) and later are supported without patches. To build the driver you need to extract the archive and do./MacOSX/configure make sudo make install Leopard (10.5) Mac OS X Leopard (10.5) is supported with a simple patch. To build the driver you need to extract the archive and do.

Here’s the thing…. Mac has many different OS’s which means that there are many different CAC enablers. And some will work for particularly OS’s only.

MUST READ IMPORTANT INFO BEFORE YOU BEGIN

Before you get started downloading and installing your CAC Enabler, there is some information that you need to be aware of:

• Only download and install ONE CAC Enabler. Multiple CAC Enablers can cause your CAC Card reader not to work. If you currently have an incorrect CAC enabler installed, you need to uninstall and remove it before getting the correct one. This includes built-in Smart Card Readers for the newer OS’s.
• Some of these CAC Enablers will ask for a Keychain Password. You should already have this information. It’s your CAC PIN. But before you enter this information, make sure you’ve already selected your CAC Certificate. And you need to use your full CAC pin. Failure to do so can actually lead to you getting locked out of your CAC Card. If this happens, you’ll have to go to your nearest ID Card Office or PSD to get it unblocked.

• After successfully installing your CAC Enabler, you need to restart your computer before trying to access any CAC protected site. This ensures that your computer has properly recognized and installed the CAC Enabler.
• Just because you’ve properly installed and set up your enabler, that doesn’t mean that it will work with all browsers–particularly Firefox. As popular of a browser it is, Firefox is notorious for not allowing CAC-protected sites to be accessed. This is why I recommend using Google Chrome. It has the least obstructions for you when it comes to using your CAC Reader.

What CAC Enabler Do You Need For Your OS?

In order to make sure that you download the right OS, be sure to use our handy Table of Contents to jump to the proper section.

And with that, let’s get your Mac system CAC Card ready!

Catalina (10.15.x)

If you’ve purchased a Mac with the Catalina OS installed, STOP RIGHT HERE.

Catalina comes pre-equipped with a built-in CAC Enabler. This means you do not need to install a third-party program. If you do, it may interfere with your built-in enabler and cause your CAC to not be recognized. Just be sure that you have the proper DOD certificates installed.

But what if you purchased your Mac and then upgraded to the new system?

If you haven’t installed any third-party enablers, the built-in function should automatically start working. But if you have previously installed any third-party CAC enablers, you’re going to have to uninstall and completely remove those first.

Mojave (10.14.x)

Similar to the Catalina OS, Mojave also has a built-in Smart Card Reader. This means that a third-party CAC enabler program may not be necessary. So before downloading any other enabler, test out the built-in first–just make sure you have the proper DOD certificates needed.

If your Mojave’s built-in reader is not working, then you can proceed to pick up another CAC enabler. There are 4 verified readers that work for Mojave that we know of.

Each of these should work for any type of CAC Card.

High Sierra (10.13.x)

High Sierra is another Mac OS with a built-in Smart Card reader. However, unlike Mojave or Catalina, you cannot access CAC-protected sites through Safari. They are not supported through Safari in this OS.

You need to use Google Chrome for optimal results. If you are adamantly opposed to using Chrome, I’d recommend to go ahead and update your Mac OS to Mojave or Catalina (if supported). Afterwards, you should find you don’t need a CAC enabler as long as you have the proper certificates.

However, if things aren’t working out the way they should, you do have some options for third party CAC enablers.

These have been verified to work with High Sierra and with every CAC Card type we’ve come across.

Sierra (10.12.x)

Sierra is the last of the Mac OS’s that has a built-in Smart Card Reader. However, you need to be aware that this reader will not function with the Safari browser even with the proper certificates.

You’ll need to utilize Google Chrome along with the proper DOD (or other) certificates.

There have been reports of the Sierra built-in CAC reader failing to operate properly. And in that case, you’re going to need to download one of these verified CAC enablers:

These CAC Enablers work with every type of CAC Card.

One thing to note is that if you decide to utilize PKard with Sierra, you need to make sure that you’re using PKard version 1.7 or higher.

El Capitan (10.11.x)

Unlike its newer OS counterparts, El Capitan does not come with a built-in smart card reader. You will be required to download and install a third-party program. Thankfully, there are 5 different CAC Enablers you can use.

One thing to note is that Smart Card Services will not work with all types of CAC Cards. If your CAC Card is designated as Oberthur ID One 128 v5.5a D, Smart Card Services cannot read it. You can find this information on the back of your CAC card itself near the magnetic strip.

This can be solved one of two ways. Either opt for a different enabler or get a new CAC Card.

Yosemite (10.10.x)

Yosemite requires a third-party enabler to be installed in order for your CAC Card to be recognized. There are 5 different verified options for Yosemite users:

Although a verified option, we recommend against using Smart Card Services. The reason for this is that Smart Card Services doesn’t accept all types of CAC Cards–particularly those labeled Oberthur ID One 128 v5.5a D.

Mavericks (10.9.x)

Mavericks is another Mac OS without a built-in Smart Card Reader. This means that you’re going to need to download a CAC Card Enabler. We’ve found five different platforms that work with this OS.

However, we suggest steering clear of Smart Card Services if you’re carrying the Oberthur ID One 128 v5.5a D CAC Card. This enabler does not recognize this particular type of CAC Card.

Mountain Lion (10.8.x)

Since Mountain Lion OS has no built-in Smart Card Reader, you’ll have to avail of a third-party CAC Card Enabler. There are 5 different options to choose from for this platform.

However, if you’re using the CAC Card type, Oberthur ID One 128 v5.5a D, steer clear of Smart Card Services. They don’t recognize this type of card.

Lion (10.7.x)

Lion is one of Mac’s older operating systems. But that doesn’t mean you’re completely out of luck if need to use a CAC card on it. There are 4 different options you have.

It’s worth mentioning that if you are planning on using Smart Cards Services, ensure you don’t have an Oberthur ID One 128 v5.5a D CAC Card. The program doesn’t work with the typing.

Snow Leopard (10.6.x)

The first recommendation I have for Snow Leopard users is to upgrade their system as soon as possible. But if due to constraints you are unable to, there are still a few paths you can take when it comes to ensuring your CAC Card can be read.

Just don’t opt for Smart Card Services if you’re using an Oberthur ID One 128 v5.5a D CAC Card.

Leopard (10.5.x)

If you’re still using Leopard, our first recommendation is to upgrade your OS immediately. However if you’re unable to, there’s still hope for using a CAC Card on your computer.

Your available options for CAC Card Enabler are:

However, TENS will only work if your computer has an Intel processor. It won’t work if you’re using a PPC.

Again, the first recommendation for Leopard is not downloading a new CAC enabler but updating your system.

Our Top CAC Enabler Picks for All Operating Systems

When it comes to which enablers we like best, it boils down to two.

PKard and ActivClient for Mac.

Either one of these is compatible with just about every OS on this list–with the exception of Catalina (Be sure to use their built-in enabler.)

Plus they have vendor support. And that can be quite handy if you’re having issues with your CAC enabler. However, they don’t come free. ActivClient for Mac rings in at around $50 while PKard is available for around $40.

This article is intended for system administrators who set security policy in enterprise environments that require smart card authentication.

Enable smart card-only login

Make sure that you carefully follow these steps to ensure that users will be able to log in to the computer.

1. Pair a smart card to an admin user account or configure Attribute Matching.
2. If you’ve enabled strict certificate checks, install any root certificates or intermediates that are required.
3. Confirm that you can log in to an administrator account using a smart card.
4. Install a smart-card configuration profile that includes '<key>enforceSmartCard</key><true/>,' as shown in the smart card-only configuration profile below.
5. Confirm that you can still log in using a smart card.

For more information about smart card payload settings, see the Apple Configuration Profile Reference.

For more information about using smart card services, see the macOS Deployment Guide or open Terminal and enter man SmartCardServices.

Disable smart card-only authentication

Usb Smart Card Reader Patch For Mac Os X Update

If you manually manage the profiles that are installed on the computer, you can remove the smart card-only profile in two ways. You can use the Profiles pane of System Preferences, or you can use the /usr/bin/profiles command-line tool. For more information, open Terminal and enter man profiles.

If your client computers are enrolled in Mobile Device Management (MDM), you can restore password-based authentication. To do this, remove the smart card configuration profile that enables the smart card-only restriction from the client computers.

To prevent users from being locked out of their account, remove the enforceSmartCard profile before you unpair a smart card or disable attribute matching. If a user is locked out of their account, remove the configuration profile to fix the issue.

If you apply the smart card-only policy before you enable smart card-only authentication, a user can get locked out of their computer. To fix this issue, remove the smart card-only policy:

1. Turn on your Mac, then immediately press and hold Command-R to start up from macOS Recovery. Release the keys when you see the Apple logo, a spinning globe, or a prompt for a firmware password.
   
2. Select Disk Utility from the Utilities window, then click Continue.
   
3. From the Disk Utility sidebar, select the volume that you're using, then choose File > Mount from the menu bar. (If the volume is already mounted, this option is dimmed.) Then enter your administrator password when prompted.
4. Quit Disk Utility.
5. Choose Terminal from the Utilities menu in the menu bar.
6. Delete the Configuration Profile Repository. To do this, open Terminal and enter the following commands.
   In these commands, replace <volumename> with the name of the macOS volume where the profile settings were installed.
   rm /Volumes/<volumename>/var/db/ConfigurationProfiles/MDM_ComputerPrefs.plist
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/.profilesAreInstalled
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Settings/.profilesAreInstalled
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Store/ConfigProfiles.binary
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Setup/.profileSetupDone
7. When done, choose Apple () menu > Restart.
8. Reinstall all the configuration profiles that existed before you enabled smart card-only authentication.

Configure Secure Shell Daemon (SSHD) to support smart card-only authentication

Users can use their smart card to authenticate over SSH to the local computer or to remote computers that are correctly configured. Follow these steps to configure SSHD on a computer so that it supports smart card authentication.

Update the /etc/ssh/sshd_config file:

1. Use the following command to back up the sshd_config file:
   sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup_`date '+%Y-%m-%d_%H:%M'`
   
2. In the sshd_config file, change '#ChallengeResponseAuthentication yes' to 'ChallengeResponseAuthentication no' and change '#PasswordAuthentication yes' to '#PasswordAuthentication no.'

Then, use the following commands to restart SSHD:

Revo uninstaller pro 3.2 1 serial key. sudo launchctl stop com.openssh.sshd

sudo launchctl start com.openssh.sshd

If a user wants to authenticate SSH sessions using a smart card, have them follow these steps:

1. Use the following command to export the public key from their smart card:
   ssh-keygen -D /usr/lib/ssh-keychain.dylib
2. Add the public key from the previous step to the ~/.ssh/authorized_keys file on the target computer.
3. Use the following command to back up the ssh_config file:
   sudo cp /etc/ssh/ssh_config /etc/ssh/ssh_config_backup_`date '+%Y-%m-%d_%H:%M'`
4. In the/etc/ssh/ssh_config file, add the line 'PKCS11Provider=/usr/lib/ssh-keychain.dylib.'
   

If the user wants to, they can also use the following command to add the private key to their ssh-agent:

ssh-add -s /usr/lib/ssh-keychain.dylib

Enable smart card-only for the SUDO command

Use the following command to back up the /etc/pam.d/sudo file:

sudo cp /etc/pam.d/sudo /etc/pam.d/sudo_backup_`date '+%Y-%m-%d_%H:%M'`

Then, replace all of the contents of the /etc/pam.d/sudo file with the following text:

Enable smart card-only for the LOGIN command

Use the following command to back up the /etc/pam.d/login file:

sudo cp /etc/pam.d/login /etc/pam.d/login_backup_`date '+%Y-%m-%d_%H:%M'`

Then, replace all of the contents of the/etc/pam.d/login file with the following text:

Enable smart card-only for the SU command

Use the following command to back up the /etc/pam.d/su file:

sudo cp /etc/pam.d/su /etc/pam.d/su_backup_`date '+%Y-%m-%d_%H:%M'`

Then, replace all of the contents of the/etc/pam.d/su file with the following text:

Sample smart card-only configuration profile

Usb Smart Card Reader Patch For Mac Os X Download

Here’s a sample smart card-only configuration profile. You can use it to see the kinds of keys and strings that this type of profile includes.