

Click Generate to generate a new secret.

(Optional) Check the Require touch option if you want to require a touch to the metal contact on the YubiKey to approve challenge-response actions.

Associating Your YubiKeys with Your Account

It is highly recommended to set up a spare YubiKey in order to be able to access your Mac in case the main YubiKey is lost or broken.

If you previously checked the Require touch option, then when the indicator on the YubiKey starts flashing, touch the sensor button on the key.

Repeat these steps for any additional YubiKeys that you want to use.

Note: If you receive an error similar to File /Users/username/.yubico/challenge-7122584 already exists, refusing to overwrite, this indicates you have already associated this YubiKey with your account. If you are reconfiguring the YubiKey with a new challenge-response secret, you need to delete this file before running the ykpamcfg -2 command.

Testing the Configuration

Before you enable mandatory two-factor authentication on your Mac, you should verify that the configuration works. This is achieved by enabling the requirement only for the screensaver first; if something goes wrong and it does not work, you can reboot your Mac and log in normally with just your password.

To get started, make sure your Mac is set to require a password as soon as the screen saver starts.

Check the Require password option and select immediately.

Now the Mac can be configured to require two-factor authentication for the screensaver.

When prompted, type your password and press Enter.

Add the line below above the account required pam_opendirectory.so line.

auth required /usr/local/lib/security/pam_yubico.so mode=challenge-response

Press Ctrl+X, Y, and then Enter, to save the file.

To test the configuration, press Command+Ctrl+Q to lock the Mac.
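A check for the PAM edit described above, as an added example that is not part of the original guide: the hypothetical check_pam_yubico function confirms that an active pam_yubico line is present, uses required with mode=challenge-response, and sits above the account required pam_opendirectory.so line. The sample files are constructed; on a Mac the file to check is assumed to be /etc/pam.d/screensaver, which this page does not name.

```shell
#!/bin/sh
# check_pam_yubico FILE  (hypothetical helper, added example)
# Returns 0 if FILE has an active "auth required ...pam_yubico.so
# mode=challenge-response" line above "account required pam_opendirectory.so",
# 1 if no active pam_yubico auth line, 2 if it is not above the account line,
# 3 if its control flag is not "required" or the mode argument is missing.
check_pam_yubico() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # ignore blank lines and comments
        $1 == "auth" && $3 ~ /pam_yubico\.so$/ && !yk {
            yk = NR; ctl = $2
            for (i = 4; i <= NF; i++) if ($i == "mode=challenge-response") mode = 1
        }
        $1 == "account" && $2 == "required" && $3 == "pam_opendirectory.so" && !acct {
            acct = NR
        }
        END {
            if (!yk) exit 1
            if (!acct || yk > acct) exit 2
            if (ctl != "required" || !mode) exit 3
        }
    ' "$1"
}

# Constructed sample files, not copied from a real Mac.
demo_dir=$(mktemp -d)
yk_line='/usr/local/lib/security/pam_yubico.so mode=challenge-response'
printf '%s\n' 'auth required pam_opendirectory.so' "auth required $yk_line" \
    'account required pam_opendirectory.so' > "$demo_dir/good"
printf '%s\n' 'account required pam_opendirectory.so' \
    "auth required $yk_line" > "$demo_dir/misplaced"
printf '%s\n' "# auth required $yk_line" \
    'account required pam_opendirectory.so' > "$demo_dir/commented"
printf '%s\n' "auth sufficient $yk_line" \
    'account required pam_opendirectory.so' > "$demo_dir/sufficient"

for f in good misplaced commented sufficient; do
    rc=0; check_pam_yubico "$demo_dir/$f" || rc=$?
    echo "$f: exit $rc"
done
```

Exit status 3 flags a line whose control flag is not required, in which case the YubiKey would not be enforced as a mandatory second factor.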

