Smart Card for Mac Part 2: Architecture & Authentication Flow

Apple provides a basic smart card architecture that Centrify has leveraged to provide stronger, Active Directory-based authentication and transparent single sign-on to applications. In this chalktalk, Centrify CTO Paul Moore provides an overview of the Apple smart card architecture and details how Centrify DirectControl integrates it with Active Directory's authentication services. This is part 2 of a two-part series; also see Smart Card for Mac Part 1: Introduction to Active Directory Integration.



Running Time

31 minutes

Speaker

Paul Moore
Chief Technical Officer

Moderator

David McNeely
Director, Product Management

Topics Covered

  • Basic smart card infrastructure provided by Apple and how authentication data stored on smart cards is read and distributed to the Mac's internal security API
  • How DirectControl interacts with the Mac's keychain API and security API to support a wide variety of TokenD-based cards, including CAC and PIV cards
  • How DirectControl builds on the digital-signing service that Apple's smart card support focuses on to provide stronger forms of authentication
  • The authentication steps that take place as data is read from the smart card and the user is authenticated through the Active Directory KDC and directory services
  • How the user receives a Kerberos ticket to ensure transparent sign-on to other applications such as email
  • How DirectControl enables secure, smart card-based login when the Mac is not on the network
  • The role of trusted roots in securely enabling cards issued by a certificate authority other than Active Directory