Re: [Fed-Talk] [Smart Cards] Tiger Login - DRAFT
Re: [Fed-Talk] [Smart Cards] Tiger Login - DRAFT
- Subject: Re: [Fed-Talk] [Smart Cards] Tiger Login - DRAFT
- From: Shawn Geddis <email@hidden>
- Date: Tue, 14 Feb 2006 09:13:04 -0500
On May 24, 2005, at 2:21 PM, Townsend, Trent W ERDC-ITL-MS wrote:
Concerning the actual login process using a CAC on Tiger, has
anyone tried
this when trying to login to an account imposed w/ limits. I have
a user
that needs to access the Disk Utility app, but we do not want him
to have
admin. When I restricted what he could open and allowed access to
Disk
Utility, his login using the CAC failed. In an attempt to get it
to work,
everything available in the limitation menu was checked (list of
things he
had permission to execute.) Still, Tiger "shook its head" at him
after
entering his pin. When the user account was returned to no limits,
everything resumed working properly. I assume these limitations
aren't
allowing the login process to run something it needs to, but I do
not know
what that would be. Anyone ran into this?
Trent Townsend
ERDC Major Shared Resource Center
email@hidden
601.634.4051
Trent,
What you are really referring to without knowing it is granular
modification to the Authorization Rights for a given user or class or
user. You would need to modify /etc/authorization according to your
specific needs . Glance thru the file and you will see various
rights (dict names with a "name.of.right" kind of dotted format)
pertaining to preferences. If you want further guidance before I can
get to publishing a more detailed writeup on the /etc/authorization
file, send me an email message.
- Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division (Public & Private Sector)
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden