SafeSign and OSX
After my blog post on OSX and Aladdin eToken I received a phone call from Haaino @ AET Europe. He offered the SafeSign software for OSX so I could try their OSX software as well.
The SafeSign software is used with smartcards and smartcard readers like the OmniKey smartcard readers. Through my line of work, no lack of smartcards and/or readers. Only the software was missing (up till now).
The package I received contained TokenLounge software and the SafeSign v3.0 drivers for OSX. After installation of the software, you're left with Token Administration, and TokenLounge Software. The software installation took place on an iMac running OSX 10.5.5.
The two smartcard readers (a GemPC Twin, and an OmniKey CardMan 3121) were recognized immediately by the software (as shown in the Token Admin screenshot).
After this I had to add the smartcard to Firefox. This process is similar to the eToken process. Just follow the procedure described on the eToken post. For completing this you need to refer to the following file:
/usr/local/lib/libaetpkss.dylib
Same goes for using (SafeSign) smartcards with TrueCrypt.
It seems though that you can only use one Security Device at a time with TrueCrypt (you can always change the Library Path to another device).
The interface of the Token Lounge software suggests that you can map identities (certificates) to user accounts in OSX. Suggests, because about an hour before I tested the software my company smartcard got fried for some weird reason. So this piece of software will be tested when I receive my new company smartcard with matching signing and encryption certificates.
Conclusion so far: easily installable software. No opinion yet on its usage and/or integration with the rest of OSX.
Guess I've earned being a Certified SafeSign Identity Client Administrator :D
I contacted AET Europe in regards to the availability of the SafeSign / Tokenlounge software. Please do not contact me for the software. I can't help (would be a breach of the license agreement). Contact your (local) distributor. An overview of the SafeSign distributors can be found here.
Reader Comments (15)
can you map identities (certificates) to user accounts in OSX? how?
The SafeSign/AET Token Lounge application enables you to map user certificates to local OSX accounts. I haven't tried this yet though.
I don't know if there are other (free/opensource) applications that can do this.
Could you please give me clue, where I can download SafeSign 3.0 ?
The SafeSign software isn't freely downloadable. You should contact AET Europe for a copy. They do have evaluation versions of the software.
I have strange behavior with my smart card reader. I have an Omnikey 3121. My system is 10.5.6 (tested with 10.5.7 too).
pcscdtest - completed successfully. But my keychain doesn't see my smartcard (it's an HID Crescendo iClass).
It doesn't appear in keychain like CACxxxx.
What can you suggest?
Hi Alex, I guess the keychain integration just isn't there. I struggled with this in the beginning as well. At one point I got the smartcard working under firefox, but I had the problem that I couldn't figure out how to get a new certificate on it or even use it properly. Soon after that I heard that AET had the appropriate middle-ware to combine things together into a working environment.
When I had that working I stopped pursuing other means of getting it to work.
Perhaps this link will help: http://www.cms.hu-berlin.de/dl/zertifizierung/SC/Einsatz/Install-MacOSX_html
Dear Willem,
Thank you for this link. But it looks like the FTP with the additional software that is mentioned on this site is always down.
Anyway, I have found this manual, which says that my card should work under Mac OS X with Keychain: http://www.hidglobal.com/documents/crescendo_macOSX_Guide_en.pdf
Page 4 of it says:
"TokenLounge is the TokenD implementation for the MAC OS X Keychain.
It can be found (like any other TokenD implementations) in: System/Library/Security/Tokend/SafeSign.tokend"
I don't have SafeSign.tokend in my system. What may the problem be?
@alex
TokenLounge and (anything mentioning) SafeSign is part of the AET Europe software.
Note that they are two different software packages if I recall correctly.
One is the driver/middleware and the other is the TokenLounge software for integrating into several OSX applications (like keychain).
Thank you, Willem,
Thank you for the clue. Yes, I missed this. Looks like TokenLounge is not free software, so I should buy it.
We are looking at file/folder encryption on OS X Server. We would like to give access to these files to various users on the network with a hardware token. What is the best option to achieve this?
@Manoj
That depends entirely on:
1) What you're trying to achieve
2) The budget available
Should the content always be encrypted on the server (to prevent data-leakage when the server is stolen), or is it to ensure that someone with physical access can't access the data?
If a user can access the data over the network, the transit over the network (and temporary storage on the user PC) should also be safeguarded.
So this can't be easily answered, and as Johnny Five would say; 'Need more input'.
PGP has some commercial solutions for keeping data safe on PCs, servers and for data in transit, but I don't know if they are all available for OSX.
Thanks a LOT for your information! I finally managed to use my certificate on a Mac! I successfully used it on Firefox.
I used SafeSign 3.0 on SL (10.6.2).
I wonder if, with SafeSign (no TokenLounge here), I could also use my certificate with Safari.
As far as I know you need Tokenlounge to use your certificates within Mail and Safari. Last thing I heard was that the Snow Leopard version of SafeSign Tokenlounge was still in Beta / under construction.
How could I have the link of SafeSign 3 for Snow Leopard (Mac) or Tokenlounge.dmg?
Thanks and regards
You can request a (evaluation) license @ AET Europe. There's no other (legal) way of getting your hands on the software as far as I know.