Re: [Fed-Talk] Using smartcard to lock/unlock filevault
Re: [Fed-Talk] Using smartcard to lock/unlock filevault
- Subject: Re: [Fed-Talk] Using smartcard to lock/unlock filevault
- From: Shawn Geddis <email@hidden>
- Date: Tue, 12 Dec 2006 14:30:15 -0500
On Dec 12, 2006, at 10:17 AM, Timothy J. Miller wrote:
I bugged this in a recent 10.4.x seed, but never heard anything
back. Suggest logging it as a bug with Apple and seeing what they
say. The more independent reports they get the higher priority it
gets.
-- Tim
From: Trent Townsend <email@hidden>
Date: December 11, 2006 5:34:50 PM EST
To: Fed Talk <email@hidden>
Cc: Shawn Geddis <email@hidden>, Neal Emerald <email@hidden>
Subject: Using smartcard to lock/unlock filevault
Classification: UNCLASSIFIED
Below is an excerpt from an email to this list from Shawn Geddis.
My question is does anyone know if any progress has been made on
this front? We use CAC to login and the password is disabled. Do
we have to enable the password auth just to use FileVault?
3) As of 10.4.0, Smart Card Login does not currently support the
unlocking of FileVault protected Home Directories
---- You can create Encrypted Images for your folders inside your
Home Directory and unlock them manually at login
Folks,
Let me save you some time and keystrokes....
We are well aware of how nice and appropriate it would be to unlock a
FileVault account using your supported smart card as is done currently
without FileVault.
Keep in mind that FileVaultâ„¢ is an Encrypted Disk Image which is
managed (at the lowest levels) with 'hdiutil'. Those wanting or
needing a student exercise can 'man hdiutil' and glean quite a bit
about additional handling of encrypted images that can be done today
as well.
No need to submit any Enhancement Requests on this topic...
- Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division (Public & Private Sector)
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden