Apologies for the cross post...
After enabling PIV authentication on macOS Sierra users can still bypass PIV and login with a password, is there a way to disable password authentication for a user and only allow PIV with a PIN as the authentication method?
With regards to setting up PIV authentication for SSH on OS X I can only find instructions (
https://developers.yubico.com/yubico-pi ... KCS11.html) based on the scenario where certificates have not yet been generated and PIV is not enabled for macOS graphical authentication.
Are there instructions that show what to do if a Yubikey has already been provisioned with PIV certificates and you're configuring SSH authentication AS WELL as graphical login? Is it just a case of exporting the certificates that have already been generated via the PIV tool and transposing them as needing in the above instructions? I'd prefer something written by someone with more knowledge rather than me just fiddling around