ADmitMac for CAC (AFC) securely integrates U.S. Department of Defense Common Access Cards (CAC) with Apple Macintosh computers. AFC provides a single sign-on environment, verifying a CAC against a centralized network authority. AFC obtains Kerberos tickets using CAC certificates, makes these certificates available to “Kerberized” applications, locks the computer upon removal of a CAC, and protects the computer from unauthorized wake from sleep modes.
Security goes far beyond a simple verification of the PIN against the CAC. With AFC, the card itself is challenged to ensure that neither the card nor the privileges granted the user have been revoked.
When a CAC is inserted into a Macintosh, AFC changes the normal login screen and challenges the user to enter their CAC PIN authorization. Upon verification of the user‘s PIN, AFC then obtains the proper network credentials from the Kerberos Key Distribution Center.
AFC includes its own PKINIT (Public Key Cryptography for Initial Authentication in Kerberos) that enables this secure integration.
No comments:
Post a Comment