Scenario: we have a Mac at our reception desk that multiple people need to use throughout the day. I have enabled smart-card-only authentication and created local user accounts, and allocated a YubiKey 5 to each user that needs to use the Mac.
Signing in from the login screen works great - the user is recognised when they insert their YubiKey and they can quickly sign in with their PIN. I have configured the Mac through a profile to lock the screen when the YubiKey is removed.
The part that is not yet working as well as I'd like is the user switching. If one user removes their YubiKey, the lock screen is shown, as expected. When a different user inserts their YubiKey, the lock screen does not recognise this new user - the only way that happens is for the user to click "switch user" on the lock screen. The login screen then dutifully recognises this new user.
So I guess I'm trying to show the login screen when each user removes their YubiKey, rather than the lock screen. How can I force this to happen? It's not the end of the world for the new user to click "switch user", but it sure is a better UX for the new user to be recognised when they insert their key!