[SmartcardServices-Users] Activate screensaver with token
Lance Terada, CTR
lance.terada.ctr at mhpcc.hpc.mil
Mon Mar 28 13:04:59 PDT 2016
The defaults write command didn’t work for me either.
I ran the two dscl commands and got my hash information for the AuthenticationAuthority option and “No such key: OriginalAuthenticationAuthority” for the other.
Thanks,
Lance
> On Mar 24, 2016, at 9:29 PM, Yoann Gini <yoann.gini at gmail.com> wrote:
>
>
>> Le 24 mars 2016 à 20:25, Daly, John L CIV NAVAIR, 4G0000D <john.l.daly at navy.mil> a écrit :
>>
>> would defaults write com.apple.screensaver tokenRemovalAction 1
>>
>> get around the caching issue?
>
> Yes, as soon as you use defaults to manipulate defaults user domain you don’t have any issues with the caching service.
>
> For what I understand this service is linked with the sandbox. It manages access right to preference domains (private and shared one).
>
> The thing is, plist files aren’t directly read by Cocoa and Carbon API. Preferences are read in cfprefsd memory. So killing cfprefsd is needed when you deploy new preferences via file instead of regular API.
>
>> I note that my accounts do all show tokenRemovalAction 1, and pulling the CAC from the machine causes the screensaver to activate. It's just when I go to unlock the screensaver, the CAC doesn't work if it's a mobile or local account, only works if it's a network account.
>
> This might be linked to authentication mechanism and AuthenticationAuthority settings.
>
> If the screen saver activates when you remove the card, this setting is working. If when you put back the card the screensaver doesn’t ask for a PIN code, this is linked to authentication.
>
> How do you manage the link between local account and smart card in your tests?
>
> What’s the result of those two commands:
>
> dscl /Local/Default read /Users/<mobile_account> AuthenticationAuthority
> dscl /Local/Default read /Users/<mobile_account> OriginalAuthenticationAuthority
>
> I’m wondering if authentication caches have the right settings to use smart cards.
>
> I haven’t played for a long time with SmartCard on OS X. I will try to find time to make a new lab setup and write an updated documentation for 10.11.
> _______________________________________________
> SmartcardServices-Users mailing list
> SmartcardServices-Users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6035 bytes
Desc: not available
URL: <https://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20160328/95672d69/attachment.p7s>
More information about the SmartcardServices-Users
mailing list