mojave man page for smartcardservices-legacy

Query: smartcardservices-legacy

OS: mojave

Section: 7

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

SmartCardServices-legacy(7)			       BSD Miscellaneous Information Manual			       SmartCardServices-legacy(7)

NAME
SmartCardServices-legacy -- overview of legacy SmartCard support
DESCRIPTION
SmartCardServices-legacy is a set of components which add native support for SmartCards to OS X based on Tokend modules. Since OS X 10.12, there is SmartCard support which is described in SmartCardServices(7) Supported SmartCards appear as separate keychains. A Tokend module for each SmartCard you wish to use must be installed in /Library/Security/tokend
USB SMART CARD READER DRIVERS
OS X has built-in support for USB CCID class-compliant SmartCard readers. For other readers, install the reader driver in /usr/local/libexec/SmartCardServices/drivers. Each driver is a bundle. The bundle contains an XML file Info.plist which contains the device's USB vendor ID and product ID. For detailed description of the plist format and how to write a reader driver, see http://pcsclite.alioth.debian.org/api/group__IFDHandler.html
SMART CARD APDU LOGGING
It is possible to turn on logging for SmartCards by setting the global preference: sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes After a SmartCard reader is connected (or after reboot) all operations including contents of sent and received APDU messages are then logged into the system log. Logging uses the facility com.apple.security.smartcard.log so it is possible to set up filtering of these logs into custom targets (see asl.conf(5)) To avoid security risks that could occur if logging is turned on indefinitely, the logging setting is one-shot - it must be turned on by the command above to start logging again with a new reader. This includes unplugging and replugging the same reader.
DISABLING NEW SMART CARD SUPPORT
It is possible to turn of the new tokens by setting the global preference: sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken
DISABLING SHEET AUTHORIZATION IN PREFERENCES
When using tokend-based SmartCards, according to your configuration you may not be able to use SmartCards for authorization in System Prefer- ences sheets. In such case, you can disable sheets using following command: defaults write com.apple.Preferences UseSheets -bool FALSE System Preferences will then use the original dialog-based authorization.
ENTITLEMENT
Sandboxed PCSC clients require 'com.apple.security.smartcard=YES' entitlement. Non-sandboxed PCSC clients do not require such entitlement (in order to keep backward compatibility with macOS < 10.10).
SEE ALSO
SmartCardServices(7), sc_auth(8), defaults(1), asl.conf(5), ssh-keychain(8) Mac OS X August 5, 2014 Mac OS X
Related Man Pages
smartcardservices(7) - mojave
sc_auth(8) - mojave
gss(5) - osx
pcscd(8) - osx
cmx(4) - freebsd
Similar Topics in the Unix Linux Community
TA08-016A: Apple QuickTime Updates for Multiple Vulnerabilities
TA08-079A: Apple Updates for Multiple Vulnerabilities
OpenCT 0.6.15 (Default branch)
TA08-260A: Apple Updates for Multiple Vulnerabilities
Full Command Logging?