- Bind multiple certificates to a single username.
- Automatically detect if the certificate is present, otherwise allow password login (which I can keep backed up elsewhere in case I need it.)
- Require a PIN along with the NEO
Below are the steps I took to try and set this up. But here is the fundamental problem/question:
When I insert the NEO, the Password input box flashes, but continues to only accept my password. Any ideas how to fix this? With traditional smartcards, when you insert the smartcard, the Password input box switches and asks for a PIN instead. My guess is that the CCID aspect of the NEO isn't behaving like a traditional smartcard, so Yosemite isn't responding appropriately by requesting a PIN. Maybe there is a different security authorizationdb attribute than the one I used below ("smartcard")?
Thanks for your help!
~~~~~
I've installed OpenSC 0.15.0, insert my NEO with the certificate I want installed on slot 9a, and tried the following commands which work with traditional smartcards:
$ sudo security authorizationdb smartcard enable
$ sudo sc_auth accept -u my_username -h my_key_hash
I can verify that the settings are correct with these commands:
$ sudo security authorizationdb smartcard status
Current smartcard login state: enabled (system.login.console enabled, authentication rule enabled)
YES (0)
$ sc_auth hash -k
my_key_hash PIV AUTH key
$ sc_auth list -u my_username
my_key_hashStatistics: Posted by mruser100 — Fri Sep 18, 2015 2:28 pm
]]>