Keychain - Machine Certificate - Access Control
12-12-2016 07:13 AM
We'd like our machine certificates to have Access Control in Keychain set to "Allow all applications to access this item" on the Imported Private Key. We set this before we deploy a machine, but I've seen sporadic instances where the setting gets changed to prompt the user for access, which they can't approve because they don't have admin rights. Our VPN needs the machine cert for sign-in.
Any ideas on how to set the Access Control setting via policy? Or maybe grant a user the right to elevate only in Keychain or that part of Keychain?
12-15-2016 11:19 AM
Hello @buckybadger and welcome to the Centrify Community.
It appears that there is an open investigation to add this functionality to the product line. Please see the post in our Idea Exchange here.
If this was working as is, it would be helpful to open a case with our Support team in order to investigate further.
Have a great day!!
03-15-2017 03:01 PM
It is not a feature yet, and adding it in the future is still under our investigation. Sorry for the inconvenience caused.
01-09-2019 08:34 AM
Just checking back in on this. We still have the issue where we're auto-enrolling our Mac devices with machine certificates, but our VPN cannot access the private key of the new certificate in Keychain without manually granting the access using an administrator account. It's been two years, so maybe there's a way to do it now? :)