This article is intended for system administrators who set security policy in enterprise environments that require smart card authentication.
Enable smart card-only login
Before you start, you need to mount the SD or micro SD card on your Mac. If you have a Mac with an SD card slot, use that. If not, you’ll need an SD card adapter like the Anker 8-in-1 card reader. Import from a card reader or SD card Some Mac computers have built-in SD card slots. If yours doesn’t, you can connect a device called a card reader that is compatible with your Mac and use it to import photos from a memory card, such as an SD or Compact Flash card. Browse the top-ranked list of Sdxc Memory Card For Macbook Air below along with associated reviews and opinions. PNY - Elite Performance 512GB SDXC UHS-I Memory Card. Model: P-SDX512U3H-GE. Rating 5 out of 5 stars with 10 reviews (10 reviews) Top comment.
Make sure that you carefully follow these steps to ensure that users will be able to log in to the computer.
- Pair a smart card to an admin user account or configure Attribute Matching.
- If you’ve enabled strict certificate checks, install any root certificates or intermediates that are required.
- Confirm that you can log in to an administrator account using a smart card.
- Install a smart-card configuration profile that includes '<key>enforceSmartCard</key><true/>,' as shown in the smart card-only configuration profile below.
- Confirm that you can still log in using a smart card.
For more information about smart card payload settings, see the Apple Configuration Profile Reference.
For more information about using smart card services, see the macOS Deployment Guide or open Terminal and enter
man SmartCardServices
.Disable smart card-only authentication
If you manually manage the profiles that are installed on the computer, you can remove the smart card-only profile in two ways. You can use the Profiles pane of System Preferences, or you can use the /usr/bin/profiles command-line tool. For more information, open Terminal and enter
man profiles
.If your client computers are enrolled in Mobile Device Management (MDM), you can restore password-based authentication. To do this, remove the smart card configuration profile that enables the smart card-only restriction from the client computers.
To prevent users from being locked out of their account, remove the enforceSmartCard profile before you unpair a smart card or disable attribute matching. If a user is locked out of their account, remove the configuration profile to fix the issue.
If you apply the smart card-only policy before you enable smart card-only authentication, a user can get locked out of their computer. To fix this issue, remove the smart card-only policy:
Sd Card For Mac Air
- Turn on your Mac, then immediately press and hold Command-R to start up from macOS Recovery. Release the keys when you see the Apple logo, a spinning globe, or a prompt for a firmware password.
- Select Disk Utility from the Utilities window, then click Continue.
- From the Disk Utility sidebar, select the volume that you're using, then choose File > Mount from the menu bar. (If the volume is already mounted, this option is dimmed.) Then enter your administrator password when prompted.
- Quit Disk Utility.
- Choose Terminal from the Utilities menu in the menu bar.
- Delete the Configuration Profile Repository. To do this, open Terminal and enter the following commands.
In these commands, replace <volumename> with the name of the macOS volume where the profile settings were installed.rm /Volumes/<volumename>/var/db/ConfigurationProfiles/MDM_ComputerPrefs.plist
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/.profilesAreInstalled
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Settings/.profilesAreInstalled
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Store/ConfigProfiles.binary
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Setup/.profileSetupDone
- When done, choose Apple () menu > Restart.
- Reinstall all the configuration profiles that existed before you enabled smart card-only authentication.
Configure Secure Shell Daemon (SSHD) to support smart card-only authentication
Users can use their smart card to authenticate over SSH to the local computer or to remote computers that are correctly configured. Follow these steps to configure SSHD on a computer so that it supports smart card authentication.
Update the /etc/ssh/sshd_config file:
- Use the following command to back up the sshd_config file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup_`date '+%Y-%m-%d_%H:%M'`
- In the sshd_config file, change '#ChallengeResponseAuthentication yes' to 'ChallengeResponseAuthentication no' and change '#PasswordAuthentication yes' to '#PasswordAuthentication no.'
Then, use the following commands to restart SSHD:
sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd
If a user wants to authenticate SSH sessions using a smart card, have them follow these steps:
- Use the following command to export the public key from their smart card:
ssh-keygen -D /usr/lib/ssh-keychain.dylib
- Add the public key from the previous step to the ~/.ssh/authorized_keys file on the target computer.
- Use the following command to back up the ssh_config file:
sudo cp /etc/ssh/ssh_config /etc/ssh/ssh_config_backup_`date '+%Y-%m-%d_%H:%M'`
- In the/etc/ssh/ssh_config file, add the line 'PKCS11Provider=/usr/lib/ssh-keychain.dylib.'
If the user wants to, they can also use the following command to add the private key to their ssh-agent:
ssh-add -s /usr/lib/ssh-keychain.dylib
Enable smart card-only for the SUDO command
Use the following command to back up the /etc/pam.d/sudo file:
sudo cp /etc/pam.d/sudo /etc/pam.d/sudo_backup_`date '+%Y-%m-%d_%H:%M'`
Then, replace all of the contents of the /etc/pam.d/sudo file with the following text:
Enable smart card-only for the LOGIN command
Use the following command to back up the /etc/pam.d/login file:
sudo cp /etc/pam.d/login /etc/pam.d/login_backup_`date '+%Y-%m-%d_%H:%M'`
Then, replace all of the contents of the/etc/pam.d/login file with the following text:
Enable smart card-only for the SU command
Use the following command to back up the /etc/pam.d/su file:
![Apple Apple](/uploads/1/3/4/8/134861171/981765490.jpg)
sudo cp /etc/pam.d/su /etc/pam.d/su_backup_`date '+%Y-%m-%d_%H:%M'`
Then, replace all of the contents of the/etc/pam.d/su file with the following text:
Sample smart card-only configuration profile
Here’s a sample smart card-only configuration profile. You can use it to see the kinds of keys and strings that this type of profile includes. How to win money gambling on football.
What is SD?
SD describes devices that conform to SD standards for non-volatile memory cards. See the SD Association website for details.
Are there size limitations for the cards that can be inserted into the SD slot?
Yes. The SD card specification for a memory card is 32mm by 24mm by 2.1mm. You can also use thinner cards, such as MultiMediaCards (MMC). Avoid using cards that have a thickness greater than 2.1mm, as they might damage the SD card slot if you try to insert them.
Which SD card formats work in the SD card slot?
Cards that conform to the SD 1.x, 2.x, and 3.x standards should work. The SD card slot can use:
- Standard SD, 4MB to 2GB
- SDHC (Secure Digital High Capacity), 4GB to 32GB
- SDXC, 4GB to 2TB
- MMC (MultiMediaCards)
- UHS‑II, up to 2TB (iMac Pro only)
You can use a passive adapter like the one shown here to make MiniSD, MicroSD, and higher density formats like MiniSDHC and MicroSDHC conform to the width and thickness specifications listed above:
How fast can my Mac read or write to an SD card in the SD card slot?
Mac notebooks use the USB bus to communicate with the SD card slot. They have a maximum speed of up to 480Mbit/s. Mac desktops use the PCIe bus to communicate with the SD card slot. Desktops can transfer data at a faster rate.
Check the packaging that came with your SD media to determine the maximum transfer rate that your specific card uses.
Boot error for mac. Troubleshoot Boot Camp Assistant problems on Mac. Here are some Apple Support articles that might help you troubleshoot Boot Camp on your Mac: Install Windows 10 on your Mac with Boot Camp Assistant. If the Boot Camp installer doesn’t open after using Boot Camp Assistant. Switch between Windows and macOS.
To determine the maximum transfer speed of your Mac, you can use System Information. Choose Apple () menu > About This Mac and then click System Report.
If you use a Mac notebook:
- Select Hardware, then select USB.
- Select Internal Memory Card Reader and look for the Speed entry.
If you use a Mac desktop computer:
- Select Hardware, then select Card Reader.
- Look for the Link Speed entry. Computers that use the PCIe bus express their speed as GT/s.
Does the SD slot work with cards that exceed 32GB?
Yes. However, most media manufacturers preformat the media using common block-and-cluster sizes that don’t approach the theoretical limits of a given file system.
Most SD cards use the FAT32 file format, and preformatted FAT32 SD media is commonly available up to a capacity of 32GB. Media that exceeds 32GB usually uses the exFAT file system, while some smaller capacity cards use the FAT16 file format. Preformatted FAT16 media is generally available up to a capacity of 2GB.
If you use OS X Snow Leopard 10.6.5 or later, you can find out which file system you’re using:
- Insert the media into the SD card slot.
- Choose Apple menu > About This Mac.
- Click System Report.
- In the Hardware section, click Card Reader, and find the File System field.
Will the SD card slot work with SD cards that use the exFAT file system?
Yes. Any Mac that has an SD card slot and is running OS X 10.6.5 or later can use the exFAT file system.
exFAT is also supported in Boot Camp with Windows 7, 8.1, or 10 on any Mac made in 2011 or later with an SD card slot.
How do I insert media into the SD card slot?
When you insert the card, make sure that the metal contacts face down and point toward the computer. Don’t force media into the SD card slot, as this might cause damage.
How does my Mac use the media inserted into the SD card slot?
Your computer recognizes a card inserted into the SD card slot as a USB storage device. You can mount, read from, and write to the SD card just like you can with any other USB storage device.
I put the card in the slot, but it didn’t mount. What should I do?
Remove the card and insert it again. Sometimes the SD card won’t mount properly if you put it into the slot too slowly.
When I try to write content to the card, I get a 'cannot be modified' message. How can I fix this?
You see this message when you try to edit data on an SD card that’s locked. You need to use the lock slider to unlock the card before you can edit the data.
To eject the card, drag the icon that represents the card to the Trash. After the icon disappears from the desktop, you can remove the card from the computer. Adjust the lock slider tab to unlock the card, then reinsert the card into the slot. See the manufacturer’s instructions for the location of the slider tab.
Can I use Disk Utility to reformat an SD card?
Sd Card Reader For Apple Macbook
You can use Disk Utility to partition and format an SD device as FAT32 (using the MS-DOS FAT setting) or Mac OS Extended. The Mac OS Extended format can be used only on Macintosh systems. Non-Apple systems won’t recognize cards formatted to Mac OS Extended.
You might have to format a card that’s larger than 32GB with exFAT if you want to use it with a digital camera, GPS, or another device. When in doubt, format the card in the device that you intend to use it with.
Can I install macOS on an SD storage device and use it as a startup volume?
Use Disk Utility to change the default partition table to GUID. Then format the card to use the Mac OS Extended file format.
How do I remove a card from the SD card slot?
Before you remove the card, allow any data transfer to SD media to complete. To eject the card, drag the icon that represents the card to the Trash. After the icon disappears from your desktop, you can remove the card from the slot.
Don't remove a card while your Mac is sleeping, as this could lead to data loss. Always wake your computer and eject the SD card before removing it from your Mac.
Can I use Secure Digital Input Output (SDIO) cards?
Can I use macOS to see the specifications for the interface hardware and media inserted in the SD card slot?
You can get information about the interface hardware and the media that you inserted in the slot from the System Information:
- Choose Apple menu > About This Mac.
- Click System Report.
- In the Hardware section of System Information, select USB.
- In the list of USB devices, select Internal Memory Card Reader to access information about the interface hardware and the media inserted into the SD card slot.
Can I use the SD card slot while running Windows using Boot Camp?
The SD card slot works with Boot Camp in all supported versions of Windows. You’ll need to download and install the Windows Support Software to use the SD card slot with Windows.
Learn more about using Windows on a Mac.
Can I use an SDXC card on my Mac with Windows?
You can use an SDXC card in Windows 7, Windows 8, and Windows 10 with these Mac computers:
- MacBook Pro (Early 2011 and later)
MacBook Pro models from 2016 and later don't have a built-in SD card slot. You can use a USB-C card reader, or a combination of a USB-C to USB Adapter and a USB card reader. - MacBook Air (Mid 2011 and later)
- Mac mini (Mid 2011 and later)
Mac mini (Mid 2010) doesn't support SDXC cards. - iMac (Mid 2011 and later)
iMac (Mid 2010) doesn't support SDXC cards.
Can I use an SD, SDHC, or SDXC card to install Windows on my Mac?
No. You can’t use SD, SDHC, or SDXC cards with Boot Camp to install Windows software on Mac computers.