Has anyone tested or was able to use one of the NK to allow a login on macOS ? There is a way for competitive Yubikey (Guide) but looks like they use some homebrewn sw ( PAM SO from Yubi ).
Maybe somebody has tried something similar with macOS ? This is ( beside ssh ) one of the core features for me for a Crypto key …
I have not been able for two reasons:
a) I am using GnuPG - which is conflicting with OpenSC. Installing both is not working
b) Runnning out of time: I think there is a possibility to use a certificate on the NK as this will be recognized by macOS standard procedures
I was able to use keychain to store the NK Pin, so that I don’t need to enter that. I use that in combination with ssh-agent from GnuPG and scd-event to script the lookup of the keychain key/value that stores the pin and pre-load th agent cache with that pin.
Works so far, but there is a bug with the scd-event ( from Gnupg) that the event is not fired, when plug-in a token the second time. But it still works, as the event is fired when the script tries to access the token.