Alcor Micro Smart Card Reader Driver Mac Os
Odina Conkright
I carry my personal certificate for S/MIME e-mail and my PGP credentials in a Yubikey NEO; it is much more convenient for me to use a USB device rather than require smart card readers on all the systems I use. The Yubikey also supports U2F (the security key standard used by Google and other companies on the web), is a secure store for OTP credentials that are used for two-factor authentication on many web sites (the sort that are issued as a QR code and result in a 6 or 8 digit number) and has a proprietary one time password system used by web sites such as LastPass for two factor authentication.
My applications for these devices are all about securing trusted credentials used once the system is up and running. However, you can use the smart card functionality of all the current YubiKeys other than the U2F only key (that's the 4 series, NEO and the FIPS range) to secure all manner of services and applications including VPN applications. You can also login to Windows via smart card if you have the right back-end infrastructure.
I wish it was as simple as buy a bunch of YubiKeys and hand them out. If you want an overview of what is involved, read Yubico's white paper on smart card deployment, though be aware that this assumes you already have - or know how to set up - a Windows Active Directory domain.
Strangely, the Alcor reader will only get listed when a Smart Card is inserted. If I look at it in Device Manager, it doesn't show up under the "Smart card readers" until a card is inserted, too (unless I go to View > Show Hidden Devices).
Strangely enough, the above error message disappears immediately as soon as I downgrade to VMware Horizon Client 8.4.1 - then, with the same PKI card in the same smart card reader, the PKI PIN dialogue appears reliably as expected and the user can authenticate...I am soon despairing, as Lenovo is alternatively blaming Microsoft or VMware for the error, as the error on the unchanged hardware disappears with the downgrade.
The driver for the smart card reader should definitely be installed, as Lenovo does not offer a more recent version of the driver "Alcor Micro USB Smart Card Reader Driver" than the one in the installed version 1.9.17.2308.
Among some of the popular uses for smart cards is the ability to control access to computer systems. To operate the owner must have the smart card and they must know the PIN to unlock the card. This provides a higher degree of security than single-factor authentication such as just using a password.
To enable smart card authentication we should rely on a module that allows PAM supported systems to use X.509 certificates to authenticate logins. The module relies on a PKCS#11 library, such as opensc-pkcs11 to access the smart card for the credentials it will need.
To validate the smart card certificates the pam_pkcs11 module needs to know the acceptable Certificate Authorities for signing user certificates and any available CRLs. You can add these in the following paths.
The next step includes the pam_pkcs11 module into the PAM stack. There are various ways to do this depending on your local policy. The following example enables smart card support for general authentication.
The above configuration will require the system to perform a smart card authentication only. If a user fails to authenticate with a smart card, then the login will fail. All the PAM services in the /etc/pam.d directory that include common-auth will require the smart card authentication.
Now that pam_pkcs11 and PAM have been configured for certificate logins, there is one more action. The pwent mapper requires the CN in the certificate to be in the /etc/passwd gecos field of the user. The CN must be extracted from the certificate on the smart card and added in passwd.
For checking if the smartcard works, without doing any verification check (and so for debugging purposes the option) --verify=no_ocsp can also be used, while --verify=partial_chain can be used to do partial CA verification.
The next step includes the pam_sss module into the PAM stack. There are various ways to do this depending on your local policy. The following example enables smart card support for general authentication.
... Precision touchpad (PTP) technology supports up to four-finger smart gestures - Wi-Fi: 802.11ac Wi-Fi; IEEE 802.11 a/b/g/n ... package contains the files needed for installing the Card Reader driver. If it has been installed, updating (overwrite-installing) may ... reboot to allow changes to take effect.About Internal Card Reader Drivers:Installing the embedded card reader software gives ...
... Precision touchpad (PTP) technology supports up to four-finger smart gestures - Camera: HD webcam - Wi-Fi Master:Dual-band ... package contains the files needed for installing the Card Reader driver. If it has been installed, updating (overwrite-installing) may ... reboot to allow changes to take effect.About Internal Card Reader Drivers:Installing the embedded card reader software gives ...
... Precision touchpad (PTP) technology supports up to four-finger smart gestures - Camera: HD webcam - Wi-Fi: Dual-band ... package contains the files needed for installing the Card Reader driver. If it has been installed, updating (overwrite-installing) may ... reboot to allow changes to take effect.About Internal Card Reader Drivers:Installing the embedded card reader software gives ...
... Precision Touchpad (PTP) technology supports up to four-finger smart gestures - Wi-Fi: Dual-band 802.11ac gigabit-class Wi-Fi - ... package contains the files needed for installing the Card Reader driver. If it has been installed, updating (overwrite-installing) may ... reboot to allow changes to take effect.About Internal Card Reader Drivers:Installing the embedded card reader software gives ...
... Precision Touchpad (PTP) technology supports up to four-finger smart gestures - Camera 3D IR HD camera - ... package contains the files needed for installing the Card Reader driver. If it has been installed, updating (overwrite-installing) may ... reboot to allow changes to take effect.About Internal Card Reader Drivers:Installing the embedded card reader software gives ...
... Precision Touchpad (PTP) technology supports up to four-finger smart gestures - 3D IR HD camera - Dual-band ... package contains the files needed for installing the Card Reader driver. If it has been installed, updating (overwrite-installing) may ... reboot to allow changes to take effect.About Internal Card Reader Drivers:Installing the embedded card reader software gives ...
Install pcsc-tools and start the pcsc_scan(1) utility, then connect the Smart card reader and finally insert a card.If you see output like this, the smart card reader and also the card have been successfully recognized.
When interfacing with a TV-card for live TV and recording (PVR/DVR), you may need to assign the smartcard reader to the video user group allowing decryption. When using a Smargo Smartreader consider the following udev rule:
If the browser is not able to use the smart card data, probably it is not aware of the service which provides access to the device. This happens if you plug in the smart card reader after you open Firefox.To solve this issue, simply restart Firefox.
Either the HW is shaky by design and/or the drivers on Linux do not work correctly. However the card reader is useless, as it will often hang and subsequently confuse software, which will give obscure error messages.
After latest Servicing Stack update (KB4586863) and Cumulative update (KB4586786), logon with smart card stopped working with this message: "This smart card could not be used. Additional detail may be available in the system log. Please report this error to your administrator".
Did you get around this problem? I am sitting in the same situation, with this event id 5 blocking the logon using a smartcard. I also notice event id 1 and 2 (result 1326) deep down in the event log for Winlogon among the Windows operational logs.
I have tested Windows 1809 with all updates until yesterday(2021-02-18). All other prerequisites for my smart cards are in place. I have the external CA certitificate in both NTAuth and Root containers in AD, as well as a Certificate Revocation List available offline.
aa06259810