Help

Add SSID without adding it to keychain?

robby_barnes
New Contributor III

Posted on ‎03-15-2015 07:27 PM

Does anyone know if it is possible to add an SSID through jamf (profiles preferably, but even if it's a shell script, that would be fine) without them being added to the keychain? I want to have a secure network for all of our managed devices but not have our employees have the ability to go in to keychain and see what the credentials are.

For reasons that I won't get in to, most of our employees have to have admin accounts unfortunately.

0 Kudos
Reply
3 REPLIES 3

bentoms
Release Candidate Programs Tester

Posted on ‎03-16-2015 01:07 AM

@robby.barnes In short, No.

If they are admins then they can export/view items in the system keychain.

The only way might be to move to some 802.1x authentication, maybe using certs. As there is no password to connect, instead a cert is used. That cert is often issued via another profile.

0 Kudos
Reply

davidacland
Honored Contributor II

Posted on ‎03-16-2015 05:00 AM

I can't think of any way to do it that an admin user wouldn't be able to get access to. I was thinking along the lines of a separate keychain to store the credentials but the password used to unlock it would need to live somewhere.

802.1X is probably your best bet.

0 Kudos
Reply

robby_barnes
New Contributor III

Posted on ‎03-16-2015 10:42 AM

Alright, that's what I was thinking. Thanks guys

0 Kudos
Reply