Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

tokenadmin(8) [osx man page]

tokenadmin(8)						    BSD System Manager's Manual 					     tokenadmin(8)

tokenadmin -- Command-line interface to smartcards and other token-based keychains SYNOPSIS
tokenadmin [-hqv] command [command_options] [command_args] DESCRIPTION
A command-line tool to administer smartcards and other token-based keychains. OPTIONS
-h With no arguments, shows a list of all commands. If arguments are provided, shows usage for each of the specified commands. Same as the help command. -q Makes tokenadmin less verbose. -v Makes tokenadmin more verbose. COMMANDS
Note: all commands other than help take the -h option to display help. help Shows all commands. create-fv-user -u short-name -l long-name [-p password] Creates a new FileVaulted user protected by the inserted smart card or token. Options: -u short-name Specify the short (i.e., login) name to be used for the account. -l long-name Specify the full name to be used for the account. If the full name contains spaces, the name must be enclosed by quotation marks. -p password Password for the user's login keychain (optional). EXAMPLE
tokenadmin create-fv-user -u fvtest3 -p foo -l "FV Test User 3" Create a new FileVaulted user with short name "fvtest3" and full name "FV Test User 3", with the new FileVault image being protected by the inserted token. The password for the user's login keychain is "foo". Note: after creating this user with tokenadmin, you must run "sc_auth accept -u fvtest3" or this user will not be able to log in. SEE ALSO
security(1), sc_auth(8), systemkeychain(8) NOTES
tokenadmin will eventually be merged into the security(1) command. Darwin June 2, 2019 Darwin

Check Out this Related Man Page

sc_auth(8)						    BSD System Manager's Manual 						sc_auth(8)

sc_auth -- SmartCard authorization setup script SYNOPSIS
sc_auth pair [-v] -u user -h hash sc_auth unpair [-v] [-u user] [-h hash] sc_auth pairing_ui [-v] [-f] [-s enable|disable|status] sc_auth identities sc_auth list [-v] [-u user] [-d domain] sc_auth changepin [-t tokenid] [-u] sc_auth enable_for_login -c class-id SYNOPSIS - legacy sc_auth accept [-v] [-u user] [-d domain] [-k keyname] sc_auth accept [-v] [-u user] [-d domain] -h hash sc_auth remove [-v] [-u user] [-d domain] sc_auth hash [-k keyname] DESCRIPTION
sc_auth configures a local user account to permit authentication using a supported SmartCard. Authentication is via asymmetric key (also known as public-key) encryption. sc_auth works with signing keys, but not encryption keys. sc_auth can perform the following actions: pair Associate a user with a public key. Because user's keychain will be modified to be unlockable by a key, SmartCard with that key must be present in the reader. The key to use has to be specified by its hash. unpair Remove association with a user and keychain. If no specific hash is provided, all associations with a user are removed. pairing_ui Enable, disable and force to display pairing dialog when card with unpaired identities is inserted identities List all identities on all SmartCards and display appropriate associations with users (for associated keys) or key names (for unas- sociated keys). list List all public keys associated with a user. changepin Change or unblock SmartCard PIN. This command works only for Personal Identity Verification (PIV) SmartCards. With -u argument, PIN can be unblocked using PUK and without the -u argument, PIN can be changed. Optional -t argument allows specifying tokenID. enable_for_login Enable the app extension for login and make the token available to the system for authentication. DESCRIPTION - legacy sc_auth can perform the following legacy actions: accept Associate a user with a public key on a card. The key to use can be specified either by its name or its hash. remove Remove all public keys associated with a user. hash Print the hashes for all keys on all inserted cards. OPTIONS
-u user Specifies the user whose account is to be modified -d domain Specifies the directory domain containing the user account -k keyname Specifies a public key by its name -h hash Specifies a public key by its hash -v Verbose mode -f Force to display pairing dialog -t tokenid Specifies a token by tokenID -c class-id Specifies a token by '' from Info.plist NOTES
sc_auth is a shell script. It is intended to be modified by administrators to suit their local environments. sc_auth is only known to work with a local directory. Consult the script's source for some limited guidance to using remote directories. SEE ALSO
SmartCardServices(7), SmartCardServices-legacy(7), pam_smartcard(8) MacOSX December 11, 2006 MacOSX
Man Page