I was wondering if anyone has this set up in their environment? Most machines are Monterey, but there are a few Big Sur machines.
I tried setting it up and was encountering a few issues. When I restart the machine, it does not read the Yubikey. Will I need a 2nd piece of software to allow it to log in from restart?
Is it possible to leave the account as a local user, and still enforce the verification of certificate?
Yubikeys work as a charme on Mac without any extra software. Big Sur had some issues when using keys with USB docks or when unplugging/replugging multiple time.
But as of Monterey everything is very reliable.