Skip to main content
Question

Add SSID without adding it to keychain?


Forum|alt.badge.img+7

Does anyone know if it is possible to add an SSID through jamf (profiles preferably, but even if it's a shell script, that would be fine) without them being added to the keychain? I want to have a secure network for all of our managed devices but not have our employees have the ability to go in to keychain and see what the credentials are.

For reasons that I won't get in to, most of our employees have to have admin accounts unfortunately.

3 replies

bentoms
Forum|alt.badge.img+35
  • Legendary Contributor
  • 4331 replies
  • March 16, 2015

@robby.barnes In short, No.

If they are admins then they can export/view items in the system keychain.

The only way might be to move to some 802.1x authentication, maybe using certs. As there is no password to connect, instead a cert is used. That cert is often issued via another profile.


davidacland
Forum|alt.badge.img+18
  • Valued Contributor
  • 1811 replies
  • March 16, 2015

I can't think of any way to do it that an admin user wouldn't be able to get access to. I was thinking along the lines of a separate keychain to store the credentials but the password used to unlock it would need to live somewhere.

802.1X is probably your best bet.


Forum|alt.badge.img+7
  • Author
  • Contributor
  • 28 replies
  • March 16, 2015

Alright, that's what I was thinking. Thanks guys


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings