ADmitMac for CAC (AFC) securely integrates U.S. Department of Defense Common Access Cards (CAC) with Apple Macintosh computers. AFC provides a single sign-on environment, verifying a CAC against a centralized network authority. AFC obtains Kerberos tickets using CAC certificates, makes these tickets available to “Kerberized” applications, locks the computer upon removal of a CAC, and protects the computer from unauthorized use when it wakes from sleep.
This new version now enables E-mail user access to Exchange using Entourage or OWA without needing passwords. AFC takes care of authentication to Exchange servers.
Security goes far beyond a simple verification of the PIN against the CAC. With AFC, the card itself is challenged to ensure that neither the card nor the privileges granted the user have been revoked. When a CAC is inserted into a Macintosh, AFC changes the normal login screen and challenges the user to enter their CAC PIN authorization. Upon verification of the user’s PIN, AFC then obtains the proper network credentials from the Active Directory.
