Enforce Smart Card Use broken in 10.15.7?

obi-k
Valued Contributor II

After upgrading a couple of Macs to 10.15.7, I can now log in using my password when I unplug the Smart Card. I ensured the configuration profile with the payload to "Enforce Smart Card Use" is still installed.

Now with the 10.15.7 update, I can unplug the Smart Card (screen saver kicks in) and log in using a password or Touch ID. Macs prior to 10.15.7 were fine, including Mojave, High Sierra.

Anyone else seeing this?

1 ACCEPTED SOLUTION

golbiga
Contributor III
Contributor III

I just tested my 10.15.7 systems and I cannot log in with a password. I get the smartcard is required message at the Lock Screen. We don’t set the tokenRemovaAction key so I can’t say if that is affecting this.

Is it possible your account is in the NotEnforced group listed in /etc/Smartcardlogin.plist? This is only available in 10.15 and up.

View solution in original post

4 REPLIES 4

golbiga
Contributor III
Contributor III

I just tested my 10.15.7 systems and I cannot log in with a password. I get the smartcard is required message at the Lock Screen. We don’t set the tokenRemovaAction key so I can’t say if that is affecting this.

Is it possible your account is in the NotEnforced group listed in /etc/Smartcardlogin.plist? This is only available in 10.15 and up.

obi-k
Valued Contributor II

I'm using my AD account on 2 different computers. The only thing that changed was 10.15.6 to 10.15.7. I can try reapplying the SmartCardlogin.plist to see if that helps.

boberito
Valued Contributor

Smartcard enforcement working great for me too here with 10.15.7

obi-k
Valued Contributor II

Yeah, 100 percent my bad. Thanks @golbiga, I set up the Not Enforced group incorrectly. All is working now, even on 10.15.7. Thank you all.