ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
PIV/PKI Integration on MacOS Catalina or higher
Article ID: 226855
Updated On:
Products
CA Privileged Access Manager (PAM)
Issue/Introduction
When logging into a PAM Server with PKI/PIV enabled - the PAM Client doesn't load the PKI/PIV Certificates to choose -> therefore no one can use this integration.
Cause
Starting with MacOS Catalina and higher, you no longer have to use 3rd party software enabler like PKcard, CSSI, OpenSC or CACKey.
MacOS now uses -> com.apple.CryptoTokenKit.pivtoken which enables PKI/PIV cards out of the box.
Therefore if you use one of these enablers, you must uninstall per:
https://militarycac.com/macuninstall.htm
Environment
Release : 3.4.x
Component : PRIVILEGED ACCESS MANAGEMENT
Resolution
In PAM 3.4.5 - we updated our PAM Client (jxplorer) which includes support for the integration with apple's com.apple.CryptoTokenKit.pivtoken PKI/PIV card reader.
Feedback
Yes
No
Powered by
