Query: smartcardservices-legacy
OS: mojave
Section: 7
Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar
SmartCardServices-legacy(7) BSD Miscellaneous Information Manual SmartCardServices-legacy(7)NAMESmartCardServices-legacy -- overview of legacy SmartCard supportDESCRIPTIONSmartCardServices-legacy is a set of components which add native support for SmartCards to OS X based on Tokend modules. Since OS X 10.12, there is SmartCard support which is described in SmartCardServices(7) Supported SmartCards appear as separate keychains. A Tokend module for each SmartCard you wish to use must be installed in /Library/Security/tokendUSB SMART CARD READER DRIVERSOS X has built-in support for USB CCID class-compliant SmartCard readers. For other readers, install the reader driver in /usr/local/libexec/SmartCardServices/drivers. Each driver is a bundle. The bundle contains an XML file Info.plist which contains the device's USB vendor ID and product ID. For detailed description of the plist format and how to write a reader driver, see http://pcsclite.alioth.debian.org/api/group__IFDHandler.htmlSMART CARD APDU LOGGINGIt is possible to turn on logging for SmartCards by setting the global preference: sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes After a SmartCard reader is connected (or after reboot) all operations including contents of sent and received APDU messages are then logged into the system log. Logging uses the facility com.apple.security.smartcard.log so it is possible to set up filtering of these logs into custom targets (see asl.conf(5)) To avoid security risks that could occur if logging is turned on indefinitely, the logging setting is one-shot - it must be turned on by the command above to start logging again with a new reader. This includes unplugging and replugging the same reader.DISABLING NEW SMART CARD SUPPORTIt is possible to turn of the new tokens by setting the global preference: sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtokenDISABLING SHEET AUTHORIZATION IN PREFERENCESWhen using tokend-based SmartCards, according to your configuration you may not be able to use SmartCards for authorization in System Prefer- ences sheets. In such case, you can disable sheets using following command: defaults write com.apple.Preferences UseSheets -bool FALSE System Preferences will then use the original dialog-based authorization.ENTITLEMENTSandboxed PCSC clients require 'com.apple.security.smartcard=YES' entitlement. Non-sandboxed PCSC clients do not require such entitlement (in order to keep backward compatibility with macOS < 10.10).SEE ALSOSmartCardServices(7), sc_auth(8), defaults(1), asl.conf(5), ssh-keychain(8) Mac OS X August 5, 2014 Mac OS X