Apple Support: Enabling CAC Support on macOS

The following article will walk you through enabling CAC support on your macOS device

Beginning with macOS 10.12 (Sierra), Apple has introduced a new API (Crypto Token Kit) for supporting PIV compatible (CAC) cards. NDU recommends that user's utilize this built-in mechanism to utilize your PIV enabled smart card.

Requirements

Verifying Crypto Token Kit

If you have installed other older TokenD based software, it is highly recommended that you remove the older software so as to not conflict with crypto token kit. Older TokenD based middleware include OpenSC, Centrify, and PKard. If you have any of these software packages installed, please consult the documentation from that software to remove it.

To verify Ctypto Token Kit is enabled, follow these steps:

  • In the Finder, Navigate to /Applications/Utilities double click on the Terminal application

  • Copy and paste the following text into the Terminal window, and then hit return on your keyboard:

defaults read /Library/Preferences/com.apple.security.smartcard DisabledTokens

​​​​​​​​​​​​​​​​​[

 

The output should include The domain/default pair of (/Library/Preferences/com.apple.security.smartcard, DisabledTokens) does not exist

If you do not receive that text then do the following to re-enable Crypto Token Kit:

  • Copy and past the following text into the Terminal window and press return on your keyboard: 

sudo defaults write /Library/Preferences/com.apple.security.smartcard EnabledTokens -array com.apple.CryptoTokenKit.pivtoken

  • Enter your administrative password and hit return on your keyboard. *Note you will not see anything on screen to indicate your password is being entered, this is normal

Crypto Token Kit has been re-enabled.