Jamf Nation Community

mvu · ‎10-02-2020

After upgrading a couple of Macs to 10.15.7, I can now log in using my password when I unplug the Smart Card. I ensured the configuration profile with the payload to "Enforce Smart Card Use" is still installed.

Now with the 10.15.7 update, I can unplug the Smart Card (screen saver kicks in) and log in using a password or Touch ID. Macs prior to 10.15.7 were fine, including Mojave, High Sierra.

Anyone else seeing this?

golbiga · ‎10-02-2020

I just tested my 10.15.7 systems and I cannot log in with a password. I get the smartcard is required message at the Lock Screen. We don’t set the tokenRemovaAction key so I can’t say if that is affecting this.

Is it possible your account is in the NotEnforced group listed in /etc/Smartcardlogin.plist? This is only available in 10.15 and up.

View solution in original post

golbiga · ‎10-02-2020

I just tested my 10.15.7 systems and I cannot log in with a password. I get the smartcard is required message at the Lock Screen. We don’t set the tokenRemovaAction key so I can’t say if that is affecting this.

Is it possible your account is in the NotEnforced group listed in /etc/Smartcardlogin.plist? This is only available in 10.15 and up.

mvu · ‎10-03-2020

I'm using my AD account on 2 different computers. The only thing that changed was 10.15.6 to 10.15.7. I can try reapplying the SmartCardlogin.plist to see if that helps.

boberito · ‎10-04-2020

Smartcard enforcement working great for me too here with 10.15.7

mvu · ‎10-05-2020

Yeah, 100 percent my bad. Thanks @golbiga, I set up the Not Enforced group incorrectly. All is working now, even on 10.15.7. Thank you all.

Jamf Nation Community

Enforce Smart Card Use broken in 10.15.7?