Yubikey: Manually pair a PIV Yubikey with OSX

Every now and then things do not work as intended. For example, when you put a new Yubikey that has certificates, a PIN and a PUK installed into a slot on your Mac, a pairing dialog should appear. This does not always happen, and in that case we need to do a “manual pairing”.
Here is how:

1. Insert the Yubikey into the Mac
2. Open a terminal
3. Run the sc_auth command below

sc_auth identities

This will output something like this:

SmartCard: com.apple.pivtoken:2B20E9654D142033695ADEC481CFD11EBA45EC00
Unpaired identities:
C28BE4EC86FAAC4B5EFE825947240B2CE03BA4F2       Certificate For PIV Authentication (<username>)

4. Now run the following command to start the pairing process

sudo sc_auth pair -f -u<username> -hC28BE4EC86FAAC4B5EFE825947240B2CE03BA4F2

NOTE:
<username> – is the username of the identity that you want to pair with your Yubikey
“C28BE4EC86FAAC4B5EFE825947240B2CE03BA4F2” – is the Yubikey hash for the identity above (the CN of the authentication certificate)

The process now begins by asking for the Yubikey PIN.

5. If all goes well you should now see a message “Pairing Successful”

You are now ready to use your Yubikey on your Mac.

Tested on OSX Catalina 10.15.4 and Yubikey firmware 4.4.5
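
Steps 3 and 4 can be tied together so the hash is never copied by hand. The script below is an added example, not part of the original post: it reads `sc_auth identities` output, picks out the hash under "Unpaired identities:", and prints the pairing command in the form shown in step 4. The function names and the username "alice" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# Print the 40-hex-digit hashes listed under "Unpaired identities:" in
# `sc_auth identities` output read from stdin.
unpaired_hashes() {
    awk '
        /^Unpaired identities:/ { in_unpaired = 1; next }
        /^[A-Za-z][A-Za-z ]*:/  { in_unpaired = 0 }  # any other "Label:" line ends the section
        in_unpaired && length($1) == 40 && $1 ~ /^[0-9A-Fa-f]+$/ { print $1 }
    '
}

# Print the pairing command in the form used in step 4 for user $1.
# Fails unless the username is plain and exactly one unpaired identity exists,
# so a mistyped name or the wrong certificate is never passed to sudo.
pair_command() {
    user=$1
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "refusing username: $user" >&2; return 1 ;;
    esac
    hashes=$(unpaired_hashes)
    count=$(printf '%s\n' "$hashes" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 unpaired identity, found $count" >&2
        return 1
    fi
    printf 'sudo sc_auth pair -f -u%s -h%s\n' "$user" "$hashes"
}

# Sample input: the output shown in step 3 of the post.
sample_output() {
    cat <<'EOF'
SmartCard: com.apple.pivtoken:2B20E9654D142033695ADEC481CFD11EBA45EC00
Unpaired identities:
C28BE4EC86FAAC4B5EFE825947240B2CE03BA4F2       Certificate For PIV Authentication (<username>)
EOF
}

# Demo on the sample; "alice" is a constructed username.
# On a Mac with the key inserted: sc_auth identities | pair_command "$USER"
sample_output | pair_command alice
```

The script only prints the command; review the hash against the certificate you expect before running it with sudo.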
