+20After upgrading a couple of Macs to 10.15.7, I can now log in using my password when I unplug the Smart Card. I ensured the configuration profile with the payload to "Enforce Smart Card Use" is still installed.
Now with the 10.15.7 update, I can unplug the Smart Card (screen saver kicks in) and log in using a password or Touch ID. Macs prior to 10.15.7 were fine, including Mojave, High Sierra.
Anyone else seeing this?
Best answer by golbiga
I just tested my 10.15.7 systems and I cannot log in with a password. I get the smartcard is required message at the Lock Screen. We don’t set the tokenRemovaAction key so I can’t say if that is affecting this.
Is it possible your account is in the NotEnforced group listed in /etc/Smartcardlogin.plist? This is only available in 10.15 and up.
+21I just tested my 10.15.7 systems and I cannot log in with a password. I get the smartcard is required message at the Lock Screen. We don’t set the tokenRemovaAction key so I can’t say if that is affecting this.
Is it possible your account is in the NotEnforced group listed in /etc/Smartcardlogin.plist? This is only available in 10.15 and up.
+20I'm using my AD account on 2 different computers. The only thing that changed was 10.15.6 to 10.15.7. I can try reapplying the SmartCardlogin.plist to see if that helps.
+22Smartcard enforcement working great for me too here with 10.15.7
+20Yeah, 100 percent my bad. Thanks @golbiga, I set up the Not Enforced group incorrectly. All is working now, even on 10.15.7. Thank you all.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.