[Fed-Talk] Disabling password login in favor of CAC
[Fed-Talk] Disabling password login in favor of CAC
- Subject: [Fed-Talk] Disabling password login in favor of CAC
- From: email@hidden
- Date: Mon, 28 Aug 2006 17:43:20 -0400 (EDT)
- Importance: Normal
Hi all,
I'm working on implementing CAC logins on the Macs in my department. I've
followed the smart card setup guide and am able to log onto my machine
with my CAC. If I don't put my CAC into the reader, though, I can still
log in with my password...this is not acceptable because it completely
defeats the purpose of requiring CAC logins. I was able to make the
system not accept my password by deleting the ShadowHash entry under
authentication_authority for my account name in NetInfo Manager. With
that item deleted and the CAC out of the reader, I am still able to input
a username and password but the password is no longer accepted and I can
only log in with a CAC and PIN. However, I am now unable to perform any
commands using sudo with either my password or CAC PIN.
So...what I need is a way to ONLY accept CAC logins but still have access
to the sudo functionality on the commandline. I've exhausted my list of
Google search terms without finding any way of doing this. Any help would
be very much appreciated!
TIA,
Eric
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden