Re: [Fed-Talk] Smart card login and unlocking login keychain
Re: [Fed-Talk] Smart card login and unlocking login keychain
- Subject: Re: [Fed-Talk] Smart card login and unlocking login keychain
- From: Paul Nelson <email@hidden>
- Date: Wed, 22 Jul 2009 14:50:00 -0500
- Thread-topic: [Fed-Talk] Smart card login and unlocking login keychain
There is a way to do it, but you have to create the account from scratch.
Check out 'man tokenadmin'
You might think about creating an account from scratch, then put the
resulting keychain file in your own account to see how it works.
Paul Nelson
Thursby Software Systems, Inc.
> From: "Levine, Jason (NIH/NCI) [E]" <email@hidden>
> Date: Wed, 22 Jul 2009 15:01:05 -0400
> To: Apple Fed Talk <email@hidden>
> Subject: [Fed-Talk] Smart card login and unlocking login keychain
>
> Does anyone know if it's possible to have a user's login keychain unlock
> automatically as part of the user logging in via a smartcard?
>
> Now that I've been issued a PIV card at my federal agency, I'm starting to
> experiment with smartcard-based login on my OS X (10.5.7) machines. I've
> bound my local account to the hash key for my PIV card authentication cert,
> and that part works perfectly -- when I insert my PIV card, the "Password"
> prompt changes to a "PIN" prompt, and all is good.
>
> Unfortunately, logging in with my PIV card doesn't also unlock my login
> keychain -- whenever I log in, the first time I do something that would
> require data stored in my keychain, I'm prompted for the password for the
> keychain to unlock it.
>
> Is there a way to change this behavior?
>
> Thanks...
> Jason Levine
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden