Yubico Forum

Posted: Fri Sep 18, 2015 2:28 pm

I'd like to enable logging into OS X Yosemite with certificates. This should allow 3 functionalities that I'm not sure Yubico-PAM gives (correct me if I'm wrong):
  • Bind multiple certificates to a single username.
  • Automatically detect if the certificate is present, otherwise allow password login (which I can keep backed up elsewhere in case I need it.)
  • Require a PIN along with the NEO

Below are the steps I took to try and set this up. But here is the fundamental problem/question:
When I insert the NEO, the Password input box flashes, but continues to only accept my password. Any ideas how to fix this? With traditional smartcards, when you insert the smartcard, the Password input box switches and asks for a PIN instead. My guess is that the CCID aspect of the NEO isn't behaving like a traditional smartcard, so Yosemite isn't responding appropriately by requesting a PIN. Maybe there is a different security authorizationdb attribute than the one I used below ("smartcard")?

Thanks for your help!

~~~~~

I've installed OpenSC 0.15.0, inserted my NEO with the certificate I want installed on slot 9a, and tried the following commands, which work with traditional smartcards:

$ sudo security authorizationdb smartcard enable
$ sudo sc_auth accept -u my_username -h my_key_hash

I can verify that the settings are correct with these commands:

$ sudo security authorizationdb smartcard status
Current smartcard login state: enabled (system.login.console enabled, authentication rule enabled)
YES (0)

$ sc_auth hash -k
my_key_hash PIV AUTH key
$ sc_auth list -u my_username
my_key_hash

