Smart card-only login

macos catalina smart-card

We were setting up to only allow user to login into mac using Yubikey by following this article https://support.apple.com/en-us/HT208372

We are now able to login using Yuibikey but mac still allow to use other method to login (password, fingerprint) has anyone be able to solve this problem?


Solution 1:

Maybe you could follow the instructions here to set up "Smart card-only" mode. I had tried it myself and summarized some key points as follows:

  1. Make sure that you have paired your Yubikey with macOS. You could run sc_auth list in Terminal to check;
  2. After installing the profile, you'd better plug out your Yubikey and log out the current admin user.
  3. Then plug in your Yubikey, just wait a second. The password input will change to PIN input. If Yubikey was plugged out, there'll be a note probably says"Smart card is needed".

Hope it helpful~ ^_^

Related

Change Apple ID for a user when the e-mail cannot be confirmed
Using iPhone7 as a microphone for MacBook
Re-install Python on macOS
macOS 10.15.5 screwed up Sound Output device
MacOS does not isolate the apps in the secondary monitor through each Desktop
Can't send or receive MMS on iPhone 8 Plus on Verizon if on WiFi calling
macOS Bluetooth very high retransmission rate
Is there a native way to keep a window always on top in Snow Leopard?
Protect each user account in Lion?
Remove services from context menus (but leave them in the app's Services menu)
Best practices for 2011 Mac mini connected to monitor + HDTV?
Custom Finder "go to" shortcuts