macOS Login with NK (Pro or FIDO)

Has anyone tested or been able to use one of the NK to allow a login on macOS? There is a way for competitive Yubikey (Guide), but it looks like they use some homebrewed sw (PAM SO from Yubi).

Maybe somebody has tried something similar with macOS? This is (besides ssh) one of the core features for me for a crypto key …

For me it’s also one of the core features for a crypto key.

Was anyone able to get it working with

https://github.com/frankmorgner/OpenSCToken

I haven’t succeeded so far. No smartcard gets detected by

sudo security list-smartcards

I have not been able for two reasons:
a) I am using GnuPG - which is conflicting with OpenSC. Installing both is not working
b) Running out of time: I think there is a possibility to use a certificate on the NK, as this will be recognized by macOS standard procedures

I was able to use keychain to store the NK PIN, so that I don’t need to enter it. I use that in combination with ssh-agent from GnuPG and scd-event to script the lookup of the keychain key/value that stores the PIN and pre-load the agent cache with that PIN.

Works so far, but there is a bug with the scd-event (from GnuPG): the event is not fired when plugging in a token the second time. But it still works, as the event is fired when the script tries to access the token.

Thank you, Peacekeeper, for your feedback.

So is there anybody else who uses the Nitrokey for the login on macOS who has some hints on how to get it working?

Update from https://support.nitrokey.com/t/will-fido2-also-support-piv/2070/3:

I am also still looking for a Nitrokey that supports a password-less login on macOS.
And as far as I know, password-less login on macOS should work with the Nitrokey Pro and OpenSCToken:
Is the NitroKey Pro 2 supported? · Issue #13 · frankmorgner/OpenSCToken · GitHub
But until now, I haven’t got it working:
TKAuthenticationHintsProvider error -11 · Issue #14 · frankmorgner/OpenSCToken · GitHub
I would be very keen if anybody could give me a hint why this is not working.

Linking discussion regarding yubico-pam support on macOS 10.15 Catalina:

@Peacekeeper just FYI our hardware should be supported by their software.

Thanks, I will give it a try when I have time again.