updated 06:05 pm EDT, Fri July 14, 2006
Mac DoD CAC system
Thursby Software Systems today released ADmitMac for CAC Beta (AFC), integrating U.S. Department of Defense Common Access Cards (CAC) into Mac OS X. AFC offers a single sign-on environment verifying the CAC against a centralized network authority, obtains authorized Kerberos certificates, and makes those certificates available to "Kerberized" applications. The software also locks the computer upon removal of a CAC card, and protects the system from unauthorized attempts to wake from sleep. AFC changes the normal login screen and challenges the user to enter their CAC card PIN authorization when a CAC is inserted into the Mac. Upon verification of the user's PIN, AFC obtains the proper network credentials from the Kerberos Key Distribution Center. ADmitMac for CAC Beta is priced at $170 for a single-user license, and requires Mac OS X 10.4 or later.
ADmitMac for CAC enhances Apple's standard Mac OS X 10.4 security offering by:
- Implementing a single sign-on environment.
- Offering PKINIT support.
- Negating the need for passwords to login or mount network volumes.
- Automatically locking the computer upon removal of the CAC.
- Integrating CAC security with the screen-saver.
- Logging security-related events.
Additional ADmitMac features include:
- Enhanced security including NTLMv2 and SMB Signing.
- Full support for Dfs (Distributed File System).
- Integration with Microsoft's NTFS file system for storage of both file forks in single file (avoiding ._files).
- Integration with Apple's Workgroup Manager to fully support Managed Desktop (mcx) settings with no schema changes.