Centrify Corp. (http://www.centrify.com) — a provider of Microsoft
Active Directory-based auditing, access control and identity
management solutions for non-Microsoft platforms — has released
Centrify DirectControl 4.2 for Mac OS X, which adds smart card-based
login to Active Directory for single sign-on to Windows-integrated
services and applications.
Mac users can log on to Microsoft Windows networks through DirectControl 4.2 from Centrify Corp., a provider of Active Directory-based access control and identity management solutions for non-Microsoft platforms. This newest offering for Mac OS X adds smart card-based login to Active Directory for single sign-on to Windows-integrated services and applications. Centrify leverages the PKI. Centrify Express for Smartcard stores this option in the keychain, and you are not prompted to select the certificate again. If you accidentally select the wrong certificate, see appendix A for the steps to remove the certificate from the Centrify Express for Smartcard keychain.
With support for more than 450 platforms, Centrify Services secure and manage the industry's broadest range of operating systems. Select one of the featured platforms to learn more about how Centrify modern PAM Services centrally secure and manage these operating systems.
Centrify Express For Mac Smart Card Balance
Centrify leverages the PKI infrastructure provided by Apple and works
with both Common Access Cards (CAC) and Personal Identity
Verification (PIV) cards as well as with other cards that support the
Apple TokenD interface such as the .NET smart card from Gemalto. With
this capability, government agencies and other organizations can use
smart cards for interactive login from the Mac to all services in the
organization whose access is controlled from Active Directory, not
just the local computer, says David McNeely, director of product
management for Centrify.
DirectControl effectively turns a Mac, UNIX or Linux system into an
Active Directory client, enabling administrators to secure that
system using the same authentication and Group Policy services
currently deployed for their Windows systems. By adding smart card
support to its Mac agent, Centrify enables customers to use Mac
systems in high security environments complying with Homeland
Security Presidential Directive (HSPD) 12 requiring secure and
reliable identification of Federal employee and contractors using PIV
cards.
Centrify Express For Mac Smart Card Holder
DirectControl 4.2 for Mac OS X also adds increased security features
that include allowing organizations to lock the Mac Finder. This is
especially important in schools and universities that allow students
to share Macs but don’t want them to manipulate the system, McNeely
says.
Finder Lock is one of more than 200 Mac-specific Group Policies that
Centrify has developed to help administer Macs from the same
centralized administrative tools from which Windows computers are
managed. Other policies added in this release include enforcement of
a computer policy to require smart card login, a removal policy to
either lock the screen or force a logout when the smart card is
removed, and additional security controls.
With this release, Centrify DirectControl for Mac OS X also includes
a streamlined installation that allows a one-click setup of the Mac
in Active Directory. Centrify’s workstation installer was
specifically designed to enable administrators to deploy
DirectControl on Macs and quickly join them to an Active Directory
domain, McNeely says. In this way the users get prompt access to
network services and administrators can quickly apply policies to the
Macs, he adds.
Centrify Express For Mac Smart Card Application
Centrify DirectControl for Mac OS X Smart Card edition is licensed
for US$90 for one copy and is available in beta now. It will be
available within 90 days. CAC and PIV are supported on Mac OS X
10.5.3 and higher,