Make that system flexible and you can change the password daily or just when needed. None of these will be less work than changing the password and setting up a way to distribute that password to only the mobile devices for the users allowed to know the new password. Yubico documents the /etc/pam.d/authorization file you would change and also walks you through how you would modify the system (SIP prevents this change on recent OS releases) to run the code needed to validate or deny the login event. There are dozens of other companies and this uses the same hooks that smart card readers do to make OS X enforce additional code execution before a user can log in with the password. Here are two much better engineered solutions to modify the OS X authentication chain for two factor:
Type in your Mac’s password and click Unlock. Click the lock icon located on the lower left part of the screen. If your Mac will prompt you with a dialog regarding Screen Recording, click Open System Preferences. I've used and it's more of a novelty than something I would trust in production. A hand gesture overview appears on the screen of your iOS device. Without some sort of SMS group pool or server side setup, I don't think you'll find a pre-made solution. Where you will run into issues is having an N-to-one relation between one user account and multiple people's mobile phones. There are dozens of 2FA pam plugins as well as automation tools to allow one user account to be tied to one iOS device or one iCloud account.
0 kommentar(er)
