Is there a similar command which can be used to substitute a cert for the Master Password? Seems silly to protect a single user that way if you can still use a plain old password as a go-around. On Oct 13, 2010, at 1:37 PM, Shawn A. Geddis wrote:
Your most appropriate protection of the User's Login Keychain is to protect it with the Smart Card and not the PIN.
How do you do that ?
$ sudo systemkeychain -T /Volumes/<user>/Library/keychains/login.keychain
I notice this does not appear in the man page for systemkeychain (ie. 'man systemkeychain'), but it does appear in the 'usage' for systemkeychain ('$ systemkeychain') -- so many of you may never have known this. It has been around for quite sometime and I know I have conveyed it in many different forums, but there are many new people on these lists who may benefit from this.
$ systemkeychain Usage: systemkeychain -C [passphrase] # (re)create system root keychain systemkeychain [-k destination-keychain] -s source-keychain ... systemkeychain -T token-protected-keychain-name
-Shawn
------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu