Need an OS X Guru in the Navy Reserves...
 

Okay, I'm in the Navy Reserves, and they have a Smart Card system that lets you read your e-mail from a computer hooked up to a smart card reader. They (finally) released a Macintosh version, and I'm trying to install it.

I downloaded the installer program from the Navy Reserves web site through my PC, because you need secure access to d/l. Anyway, the installer file is called "ActiveCardGoldMacOSX.1" and there is a note on the web site that says, "Attention Macintosh OS-X Users: The downloaded file does not look right to some MAC [sic] users, as it has an unusual file extension. The file will execute and install, however."

Uh-huh. No it won't. I've tried double-clicking on it, I've tried changing the permissions to "executable," I've tried running it as root, tried changing it to .1.app, tried changing the file type permissions, etc., and it just won't run. When I try from the terminal root, it says:

su: ./ActivCardGoldMacOSX.1: cannot execute binary file

Here is the file listing:

-rwxr-xr-x 1 Tofer Tofer 7593796 8 Jan 14:18 ActivCardGoldMacOSX.1

Interestingly, reading through the documentation, it says,

1. Insert the ActivCard Gold CD in the CD drive. (The installer ships as a compressed file called ActivCardGoldMacOSX.1.hqx.)
2. Double-click on the compressed file to extract ActivCardGoldMacOSX.1.
3. Double-click the installer to start the installation program.

Ah, but the nice Navy folks gave me just the .1 file, not the .hqx file. (And stuffit claims the .1 file isn't a stuffed file).

I wonder...could the .1 file actually be a directory instead of a file? If so, can I recoup it from just the .1 file?

I would appreciate any help...thanks!

-Tofer

Have you tried just taking the .1 off the end of the file name and then double clicking on it? If it asks for an application, navigate to your Stuffit Expander and see if that works.

Wild guess here...what happens if you add a .hqx to the end and then double-click it?

To test your directory theory, can you Control-click/right-click on it and choose Show Package Contents or is that command not there?

Yeah, what he said. Try it!

Hmm..tried all that. Quick update, though: I did finally download the file straight from the website (instead of going through my Windows PC), and the newly downloaded file (with the .1 extension) is trying to open with Excel. I've changed the extension, tried opening with stuffit...nothin'.

-Tofer

Hmmm, could be .zip, .tar, .dmg, .sit, or even .exe?
None of these will hurt, so give them a try. It's a guessing game.

Is it possible that there is a missing file that should be with this one?

Thanks for the help. Stuffit Expander chokes with the message: "The file 'Activ...hqx' does not appear to be stuffed or encoded. The Application 'Stuffit Expander.app' might be able to open the file." I actually think that is a pretty funny message...stuffit doesn't even know that it just tried to open the file...

-Tofer

When presented with an unknown file, the first thing you should try is, in Terminal,
and see what it thinks. Hopefully it won't just say data.

Back to the drawing board. :mad:

Thanks!

-Tofer

So if:
1. Insert the ActivCard Gold CD in the CD drive. (The installer ships as a compressed file called ActivCardGoldMacOSX.1.hqx.)
2. Double-click on the compressed file to extract ActivCardGoldMacOSX.1.
3. Double-click the installer to start the installation program.

Then if the file you have is ActivCardGoldMacOSX.1 , then you must have the un-stuffed file already??
OR, you really need to download this to a Mac, it may be losing certain resources when downloaded and uncompressed on a PC. You may want to contact your NavRes tech support (whatever that may be) for assistance on actually installing it. Or you need the CD referred to in step 1?? You may have to activate the CAC recognition in your OS X (this is natively installed in OS X Panther, if you didn't know) I have activated it on my system a couple of times just as a demo, as I don't have a CAC card, or a reader attached to my system, but this shows a DOD login when you login to your account.
Try in the terminal
sudo cac_setup
this will ask for your admin password, and then startup SmartCard services
Logout, you'll see the DOD login window.
To turn back off, type sudo cac_setup -off

Thanks for the info. I had already run the cac_setup (I did that to install the cac reader hardware), and no, I don't have the CD because it was a download from the Navy site. I think you're correct that some of the resources were lost, and I kind of wish they had just posted the .hqx file instead of the unstuffed file (which probably lost the resources). I did finally d/l it straight to my mac, but I didn't get anything different, except that the file type creator is "hDmp" and the type is "BINA."

I've already got a call in with tech support. Cheers!

-tofer

interesting development
 

VERY interesting development. I ran the pcsctool program from Terminal, and it installed a token on my smart card that allowed me to properly log in to the card using Firefox. The certificates are valid (and show up), and I don't even have the ActivGold software loaded. Unfortunately, none of the secure pages I go work yet, but I'm having the same problem with Firefox on my PC, so I'll try to get to the bottom of it on both. I'm off to try Netscape now...

Thanks for the help!

-Tofer

GOT it!
 

I finally figured it out! I needed some certificates from Internet Explorer on my PC. It took me a while, but I successfully exported/imported the certs into Firefox on my mac. I need to write a note to the tech people to tell them that the ActivCardGold package isn't even needed to successfully set up the certificates. Thanks again for your help!

-Tofer

I didn't think we needed to, Apple said they'd include the ActivGold software in the OS X 10.3 for Panther.

If you don't mind helping me out though, where do I go to download the certificates that need to be installed?

My card is in the cardreader, but the websites don't seem to recognize it.
Do I need to use Explorer instead of Netscape?

Any help is appreciated, Thanks.

Need detailed directions on ActivCard install
 

Tofergregg:

Can you provide a step by step description of how you got the ActivCardGold software installed and working on your Mac. I have been messing around with it lately, but I cannot get the USB reader to actually read the CAC nor can I get the ActivCard software to install (can't seem to find a help desk that will admit to supporting it either). Oddly enough, it worked under VirtualPC with Win98SE running on it. It seems to have stopped working since I tried to download the Mac OS X application.

v/r
spacer1

I realize this is an old thread with some new replies. So here is how it works. You do not need the activ card gold software, I tried it an it actually doesn't work as well. Panther gives you the cac software on disc three. Just install it. YOu can find instructions for this on apple.com. Just do a search for cac. After you have run that and run the terminal commands (cac_setup etc) then you need to add your pkcs module to thunderbird and firefox (mozilla is the only supported client so far this will change with tiger). You do this by the manage certificates preference. You need to also add the root certificates. You can get additional informaiton on this through the fedtalk list from apple.

Thank you!

I will hopefully be able to follow your instructions.
I wish someone would included something along these lines with the general distribution.

I am successfully using my USB CAC reader with Netscape to check my NMCI mail from home, but it's annoying that enabling CAC services under Panther locks all of my system preferences. I don't want to have to insert my card every time I want to change something on my home computer. Is there a work-around for this?

Sounds like you have a configuration issue. I don't have any problem with my system preferences with cac enabled. Although I do use the cac to log on and maybe that unlocks everything. I haven't tried to change things after having logged in without the cac.

I use the CAC to log on as well, but of course remove the card when I leave, since getting on base is a pain without it! But while I am logged on, without the card inserted, all of my System Prefs are locked. If I try to change that, I have to reinsert the card. Are you saying that you can make changes with the card removed? What configuration setting would control that?

Yes it doesn't matter if my card is inserted or not. I don't know what would be different between your config and mine. What is your setup i.e. are you using a regular account, or an admin account etc. I am using an admin account and I suppose that could be different. The obvious solution if you can't figure this out is to leave your card inserted while you are using your machine and remove it when you leave.

In the "Security" pref-pane, there's a checkbox for that.

Just a stupid question:
Is it considered good practice to leave the card inside the reader while working ?

My understanding is that the presence of the card replaces the need to type in the admin password.

If that is so, you'd be quite more vulnerable to someone tricking you into installing something like the "opener"-shell-script than regular people without fancy card-readers, becaus you won't see the pw-prompt.
But being a civilian and consequently lacking the possibilty to check it out, I may be mistaken here.

No the OS still asks for your admin password when installing etc. It just allows for authentication using a pin as opposed to username and password. It does not override the need for an admin password to install. I leave my card in while I am at my machine and remove it when I am gone. It will only ask for your pin initally when doing digitally signed email then it will not ask for it again as long as you do not remove it, once the card has been removed you must reauthenticate the email program (you can still read email and send non-digitally signed).

Oh also to clarify...I have the "require password to unlock each secure system preference" button checked. So if i want to change one of those prefs like security for instance then I do need to authenticate, however when I uncheck that button then I don't need to authenticate to change those prefs. I understood the problem to mean that he couldn't change any of his prefs without authenticating.

I'm also using an Admin account. If I unlock System Prefs while my card is in the reader, they stay unlocked until I log out. However, I have to do that every time I log in, or leave the card in the reader.