Activate screensaver with token
Hello, Does anyone know how to configure activating the screensaver after pulling your token out of the CAC reader? Thanks, Lance
On Mar 22, 2016, at 6:09 PM, Lance Terada, CTR <lance.terada.ctr@mhpcc.hpc.mil> wrote: Hello, Does anyone know how to configure activating the screensaver after pulling your token out of the CAC reader?
Lance, If you already have enabled use of smartcards for login, you can simply click on on the “Advanced…” tab at the lower right-hand corner. System Preferences -> Security & Privacy -> Advanced… This could be scripted with the following commands (Replace <username> with the actual account name): (This ends up being the easiest syntax for many) sudo /usr/libexec/plistbuddy -c "Add:tokenRemovalAction integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPassword integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPasswordDelay integer 0" /Users/<username>/Library/Preferences/com.apple.screensaver.plist You can also READ what the settings are using ‘defaults': $ sudo defaults read /Users/<username>/Library/Preferences/com.apple.screensaver Which would give you the following: { askForPassword = 1; askForPasswordDelay = 0; tokenRemovalAction = 1; } - Shawn _____________________________________________________________________ Shawn Geddis geddis@{Mac | Me | iCloud}.com Security and Certifications Engineer, Apple geddis@apple.com Smart Card Services Project/Dev Lead: Project Wiki: [SmartCardServices.MacOSFforge.Org <http://smartcardservices.macosfforge.org/>] Mailing Lists: [Lists.MacOSForge.Org/mailman/listinfo <http://lists.macosforge.org/mailman/listinfo>] SCS Contact: [scs-cotact@macosforge.org <mailto:scs-cotact@macosforge.org>] SCS Admin: [scs-admin@macosforge.org <mailto:scs-admin@macosforge.org>] _____________________________________________________________________
Hi Shawn, Yes, I already enabled smart cards for login. So I guess I’m having another issue as I’ve set that option but my screensaver still doesn’t turn on after I pull my CAC. The read command returns correct information. sh-3.2# defaults read /Users/myuser/Library/Preferences/com.apple.screensaver.plist { askForPassword = 1; askForPasswordDelay = 0; tokenRemovalAction = 1; } Is there anything else I can check? Thanks, Lance
On Mar 22, 2016, at 6:47 PM, Shawn Geddis <geddis@icloud.com> wrote:
On Mar 22, 2016, at 6:09 PM, Lance Terada, CTR <lance.terada.ctr@mhpcc.hpc.mil <mailto:lance.terada.ctr@mhpcc.hpc.mil>> wrote: Hello, Does anyone know how to configure activating the screensaver after pulling your token out of the CAC reader?
Lance,
If you already have enabled use of smartcards for login, you can simply click on on the “Advanced…” tab at the lower right-hand corner.
System Preferences -> Security & Privacy -> Advanced… <Screen Shot 2016-03-22 at 6.32.51 PM.png>
This could be scripted with the following commands (Replace <username> with the actual account name): (This ends up being the easiest syntax for many)
sudo /usr/libexec/plistbuddy -c "Add:tokenRemovalAction integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPassword integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPasswordDelay integer 0" /Users/<username>/Library/Preferences/com.apple.screensaver.plist
You can also READ what the settings are using ‘defaults':
$ sudo defaults read /Users/<username>/Library/Preferences/com.apple.screensaver
Which would give you the following:
{ askForPassword = 1; askForPasswordDelay = 0; tokenRemovalAction = 1; }
- Shawn _____________________________________________________________________ Shawn Geddis geddis@{Mac | Me | iCloud}.com Security and Certifications Engineer, Apple geddis@apple.com <mailto:geddis@apple.com>
Smart Card Services Project/Dev Lead: Project Wiki: [SmartCardServices.MacOSFforge.Org <http://smartcardservices.macosfforge.org/>] Mailing Lists: [Lists.MacOSForge.Org/mailman/listinfo <http://lists.macosforge.org/mailman/listinfo>] SCS Contact: [scs-cotact@macosforge.org <mailto:scs-cotact@macosforge.org>] SCS Admin: [scs-admin@macosforge.org <mailto:scs-admin@macosforge.org>] _____________________________________________________________________
Le 23 mars 2016 à 19:10, Lance Terada, CTR <lance.terada.ctr@mhpcc.hpc.mil> a écrit :
Hi Shawn,
Yes, I already enabled smart cards for login. So I guess I’m having another issue as I’ve set that option but my screensaver still doesn’t turn on after I pull my CAC. The read command returns correct information.
Is there anything else I can check?
Did you restart your computer since you’ve set this setting? Or at least killed the cfprefsd service ? Look at the syslog when you remove the smart card to see if the removal is correctly seen.
On Mar 22, 2016, at 6:47 PM, Shawn Geddis <geddis@icloud.com <mailto:geddis@icloud.com>> wrote:
sudo /usr/libexec/plistbuddy -c "Add:tokenRemovalAction integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPassword integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPasswordDelay integer 0" /Users/<username>/Library/Preferences/com.apple.screensaver.plist
You can also READ what the settings are using ‘defaults':
$ sudo defaults read /Users/<username>/Library/Preferences/com.apple.screensaver
Don’t forget cfprefsd when editing plist files on disk. If you use defaults, cfprefsd is updated, but if you use anything else the caching service isn’t updated and your new settings never used.
I did restart my computer. The syslog shows that the removal is seen correctly. Can you explain about the cashing service as I used the “defaults” to read but “plistbuddy” to set the options in com.apple.screensaver.plist as noted below. How can I determine what the cashing service settings are seeing? Thanks, Lance
On Mar 23, 2016, at 10:28 PM, Yoann Gini <yoann.gini@gmail.com> wrote:
Le 23 mars 2016 à 19:10, Lance Terada, CTR <lance.terada.ctr@mhpcc.hpc.mil <mailto:lance.terada.ctr@mhpcc.hpc.mil>> a écrit :
Hi Shawn,
Yes, I already enabled smart cards for login. So I guess I’m having another issue as I’ve set that option but my screensaver still doesn’t turn on after I pull my CAC. The read command returns correct information.
Is there anything else I can check?
Did you restart your computer since you’ve set this setting? Or at least killed the cfprefsd service ?
Look at the syslog when you remove the smart card to see if the removal is correctly seen.
On Mar 22, 2016, at 6:47 PM, Shawn Geddis <geddis@icloud.com <mailto:geddis@icloud.com>> wrote:
sudo /usr/libexec/plistbuddy -c "Add:tokenRemovalAction integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPassword integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPasswordDelay integer 0" /Users/<username>/Library/Preferences/com.apple.screensaver.plist
You can also READ what the settings are using ‘defaults':
$ sudo defaults read /Users/<username>/Library/Preferences/com.apple.screensaver
Don’t forget cfprefsd when editing plist files on disk.
If you use defaults, cfprefsd is updated, but if you use anything else the caching service isn’t updated and your new settings never used.
Lance, Which OS are you using? From having to deal with a similar problem in OS X 10.10 Yosemite with my customers, I'm aware of a known problem on that one OS version. Regards, Jim Thomas Senior Support Engineer Thursby Software Systems, Inc. jim@thursby.com On 3/23/16 1:10 PM, Lance Terada, CTR wrote:
Hi Shawn,
Yes, I already enabled smart cards for login. So I guess I’m having another issue as I’ve set that option but my screensaver still doesn’t turn on after I pull my CAC. The read command returns correct information.
sh-3.2# defaults read /Users/myuser/Library/Preferences/com.apple.screensaver.plist { askForPassword = 1; askForPasswordDelay = 0; tokenRemovalAction = 1; }
Is there anything else I can check?
Thanks, Lance
On Mar 22, 2016, at 6:47 PM, Shawn Geddis <geddis@icloud.com <mailto:geddis@icloud.com>> wrote:
On Mar 22, 2016, at 6:09 PM, Lance Terada, CTR <lance.terada.ctr@mhpcc.hpc.mil <mailto:lance.terada.ctr@mhpcc.hpc.mil>> wrote: Hello, Does anyone know how to configure activating the screensaver after pulling your token out of the CAC reader?
Lance,
If you already have enabled use of smartcards for login, you can simply click on on the “Advanced…” tab at the lower right-hand corner.
System Preferences -> Security & Privacy -> Advanced… <Screen Shot 2016-03-22 at 6.32.51 PM.png>
This could be scripted with the following commands (Replace <username> with the actual account name): (This ends up being the easiest syntax for many)
sudo /usr/libexec/plistbuddy -c "Add:tokenRemovalAction integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPassword integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPasswordDelay integer 0" /Users/<username>/Library/Preferences/com.apple.screensaver.plist
You can also READ what the settings are using ‘defaults':
$ sudo defaults read /Users/<username>/Library/Preferences/com.apple.screensaver
Which would give you the following:
{ askForPassword = 1; askForPasswordDelay = 0; tokenRemovalAction = 1; }
- Shawn _____________________________________________________________________ Shawn Geddisgeddis@{Mac | Me | iCloud}.com Security and Certifications Engineer, Apple geddis@apple.com <mailto:geddis@apple.com>
Smart Card Services Project/Dev Lead: Project Wiki: [SmartCardServices.MacOSFforge.Org <http://smartcardservices.macosfforge.org/>] Mailing Lists: [Lists.MacOSForge.Org/mailman/listinfo <http://lists.macosforge.org/mailman/listinfo>] SCS Contact: [scs-cotact@macosforge.org <mailto:scs-cotact@macosforge.org>] SCS Admin: [scs-admin@macosforge.org <mailto:scs-admin@macosforge.org>] _____________________________________________________________________
_______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
Jim, I’m on El Captian 10.11 and using a mobile (local) account. Lance
On Mar 24, 2016, at 8:40 AM, Jim Thomas <jim@thursby.com> wrote:
Lance,
Which OS are you using? From having to deal with a similar problem in OS X 10.10 Yosemite with my customers, I'm aware of a known problem on that one OS version.
Regards,
Jim Thomas Senior Support Engineer Thursby Software Systems, Inc. jim@thursby.com <mailto:jim@thursby.com>
On 3/23/16 1:10 PM, Lance Terada, CTR wrote:
Hi Shawn,
Yes, I already enabled smart cards for login. So I guess I’m having another issue as I’ve set that option but my screensaver still doesn’t turn on after I pull my CAC. The read command returns correct information.
sh-3.2# defaults read /Users/myuser/Library/Preferences/com.apple.screensaver.plist { askForPassword = 1; askForPasswordDelay = 0; tokenRemovalAction = 1; }
Is there anything else I can check?
Thanks, Lance
On Mar 22, 2016, at 6:47 PM, Shawn Geddis <geddis@icloud.com <mailto:geddis@icloud.com>> wrote:
On Mar 22, 2016, at 6:09 PM, Lance Terada, CTR <lance.terada.ctr@mhpcc.hpc.mil <mailto:lance.terada.ctr@mhpcc.hpc.mil>> wrote: Hello, Does anyone know how to configure activating the screensaver after pulling your token out of the CAC reader?
Lance,
If you already have enabled use of smartcards for login, you can simply click on on the “Advanced…” tab at the lower right-hand corner.
System Preferences -> Security & Privacy -> Advanced… <Screen Shot 2016-03-22 at 6.32.51 PM.png>
This could be scripted with the following commands (Replace <username> with the actual account name): (This ends up being the easiest syntax for many)
sudo /usr/libexec/plistbuddy -c "Add:tokenRemovalAction integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPassword integer 1" /Users/<username>/Library/Preferences/com.apple.screensaver.plist sudo /usr/libexec/plistbuddy -c "Add:askForPasswordDelay integer 0" /Users/<username>/Library/Preferences/com.apple.screensaver.plist
You can also READ what the settings are using ‘defaults':
$ sudo defaults read /Users/<username>/Library/Preferences/com.apple.screensaver
Which would give you the following:
{ askForPassword = 1; askForPasswordDelay = 0; tokenRemovalAction = 1; }
- Shawn _____________________________________________________________________ Shawn Geddis geddis@{Mac | Me | iCloud}.com Security and Certifications Engineer, Apple <mailto:geddis@apple.com>geddis@apple.com <mailto:geddis@apple.com>
Smart Card Services Project/Dev Lead: Project Wiki: [SmartCardServices.MacOSFforge.Org <http://smartcardservices.macosfforge.org/>] Mailing Lists: [Lists.MacOSForge.Org/mailman/listinfo <http://lists.macosforge.org/mailman/listinfo>] SCS Contact: [ <mailto:scs-cotact@macosforge.org>scs-cotact@macosforge.org <mailto:scs-cotact@macosforge.org>] SCS Admin: [ <mailto:scs-admin@macosforge.org>scs-admin@macosforge.org <mailto:scs-admin@macosforge.org>] _____________________________________________________________________
_______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org <mailto:SmartcardServices-Users@lists.macosforge.org> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users <https://lists.macosforge.org/mailman/listinfo/smartcardservices-users>
_______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
participants (4)
-
Jim Thomas
-
Lance Terada, CTR
-
Shawn Geddis
-
Yoann Gini