Big Sur and smart cards

Same here on MacBook Pro 13 (2020). On reddit a user wrote: To avoid the force restarts, I discovered that you can SSH into the machine (needs Remote Login enabled) and 'killall loginwindow', then use password login. Doesn't help of course if you have Smartcard only enabled.

I also have the problem, but in a different was. Before tell it, I use an user with smartcard for login which do NOT have admin privileges. So, when I do an action which needs admin privileges an extra GUI prompt asking me for my PIN. But it did not work, because, I do not have the admin privileges. And I'm not able to insert a different username.

But when I remove my Smartcard, I'm able to change the username. So I enter the username of an administrator and the corresponding password. After that the action is authorized.

I assume that there is bug in macOS that the changing of the username is not possible if the smartcard is inserted.

Same problem, but worse. I can't login into Big Sur with Yubikey sometimes.

The login window froze there (with the right pin) for a long time and later it got unfreezed. After that click anything will only play 'Funky' sound effect...

The only way to solve this for me will be killing the windowserver (which force logout the user) via ssh.

Or by doing a force shutdown and restart.

I think for your problem, maybe you can find the process named "security" (not 100% sure now) and kill it to remove the front most window.

I can now reproduce the issue. Killing windowsserver do not helped for me.

And I assume, I know why I did not get the issue on my first tests. The first machine I used for testing uses the openSC framework and NOT the apple CTK. So, I assume using openSC helps for not getting this issue.

I have a second machine where I was able to reproduce the issue. There I do not have the openSC installed. I know update the machine with openSC and will give a feedback in some days if the error perists.

I am experiencing the exact same issue with macOS Big Sur 11.0.1 and a Yubikey 4 Nano on a 2017 iMac Pro.

Additional details I can provide... it is intermittent, and a forced restart works again for some period of time (usually a few hours to a few days...) but invariably, the root privilege GUI will freeze. This is preventing software installs (which require elevated permissions) and will cause my machine to lock overnight (regardless of the Energy and/or Screensaver settings) such that I can't unlock the computer in the morning by entering the Smartcard PIN, and my only option is to force restart my iMac.

I also notice that whenever I enter the PIN code in the root privilege GUI, my screensaver flashes on, which makes me think that it is smart card related, since the computer automatically locks and shows the screensaver if the Yubikey is physically removed.

Details about pairing the Yubikey with macOS as a smartcard can be found here:

https://support.yubico.com/hc/en-us/articles/360016649059-Using-Your-YubiKey-as-a-Smart-Card-in-macOS

I'm thinking about following the instructions under the heading, "How to Unpair Your YubiKey and PIV Login from macOS" but I'm hesitant to do anything that might lock me out entirely or make the situation worse.

Has anyone else done this? I'm anxiously looking forward to a solution!

I have unpaired my Yubikey from my macbook pro and now simply log in with my password. I disabled the Smartcard Pairing notification, which you will receive each time you plug it into the machine, just because it got annoying. The Yubikey still works for any other website or service that you have 2FA set up against.

So far everything has been working well, except for the annoyance of having to type in a password for root and login :)

@robertfromaldie,

I'm not sure, if I got your right. So, yes this is clear if you disable smartcard pairing the problem is solved.

But for me the question is, how to let smartcard enabled and do not get the freezed machine.

In my setup it is NOT necessary to unpair the smartcard. It is enough not to USE the smartcard. When I'm logged in using username/password and enable the screensaver. I tested this scenario over 2 days and the screensaver did not get freezed. Unlocking the screensaver worked with username/password aswell with smartcard/PIN (with adding the smartcard shortly before).

So, my question is: did you really disabled smartcard pairing or did you mean disabling and enabling again?

Thanks for the clarification.

Hi @robertfromaldie,

thanks for the clarification. This is quite interesting. Because it looks like that you had the error EVERY time. I only have problem when I use the smartcard. When I use username/password for login and NOT inserting the smartcard everything works without any issue.

After reading this thread, I found just unplugging the yubikey and only using when I need it for 2FA solves the freezing issue. Bit of a pain for the login window and not being able to use a pin but glad my system not freezing multiple times a day. Hope they issue a fix soon

I had this issue and solved it by Resetting the SMC. I have a T2 chip and I also could not unlock my system preferences. So Steps were:

1) Unpair the Smart Card

2) Reset SMC

3) Repair smart card.

All done.

Yes, for me it's the same. The whole thing is so buggy, that it is useless. I have spare notebook with a fresh installed Big Sur and have the same problems here. There are no possible impacts because there is no additional software on this machine. This really frustrating and neither Appel nor Yubicon wanted to help.

I have the exact same issue. At the moment I cannot seem to find any fix for this. It is making Big Sur very frustrating to use.