Yubico Forum
https://forum.yubico.com/

[Q?] Local certificate login to OS X with NEO
https://forum.yubico.com/viewtopic.php?f=23&t=2036
Page 1 of 1

Author:  mruser100 [ Fri Sep 18, 2015 2:28 pm ]
Post subject:  [Q?] Local certificate login to OS X with NEO

I'd like to enable logging into OS X Yosemite with certificates. This should allow 3 functionalities that I'm not sure that Yubico-PAM gives (correct me if I'm wrong):
  • Bind multiple certificates to a single username.
  • Automatically detect if the certificate is present, otherwise allow password login (which I can keep backed up elsewhere in case I need it.)
  • Require a PIN along with the NEO.

Below are the steps I took to try and set this up. But here is the fundamental problem/question:
When I insert the NEO, the Password input box flashes, but continues to only accept my password. Any ideas how to fix this? With traditional smartcards, when you insert the smartcard, the Password input box switches and asks for a PIN instead. My guess is that the CCID aspect of the NEO isn't behaving like a traditional smartcard, so Yosemite isn't responding appropriately by requesting a PIN. Maybe there is a different security authorizationdb attribute than the one I used below ("smartcard")?

Thanks for your help!

~~~~~

I've installed OpenSC 0.15.0, inserted my NEO with the certificate I want installed on slot 9a, and tried the following commands, which work with traditional smartcards:

$ sudo security authorizationdb smartcard enable
$ sudo sc_auth accept -u my_username -h my_key_hash

I can verify that the settings are correct with these commands:

$ sudo security authorizationdb smartcard status
Current smartcard login state: enabled (system.login.console enabled, authentication rule enabled)
YES (0)

$ sc_auth hash -k
my_key_hash PIV AUTH key
$ sc_auth list -u my_username
my_key_hash

All times are UTC + 1 hour