Integrations
      Back to home
      1. Help Center
      2. Location Identity Platform
      3. Integrations

      Mac Logon

      This short guide explains how to install the Mac Logon service simply and quickly.

      Mac Logon (ENG)

      Introduction

      This small guide explains how to install the Mac Logon service simply and quickly.

      Ironchip Dashboard Configuration

      Enter the Ironchip management panel and create a new API Key type application, don't forget to store the key in a safe place.

      And add an access with the name of your user from your Mac device.

      To know the exact username, open a terminal on your MAC device and run the command whoami.

      Configuration on your MAC

      Important: This process can cause permanent system and user locks if not executed correctly. It is recommended to keep a terminal with administrator permissions open during the process to avoid any irreparable error, in addition to integrating the service for sudo authentication first as a test so as not to be left out of the system.

      Before starting, you should have the PAM file downloaded on your computer, which will be provided by Ironchip staff.

      Once downloaded on your computer, move it to the path /opt/local/lib/pam

      cp <PAM file path> /opt/local/lib/pam

      If the folder does not exist, create it using the following command:

      mkdir /opt/local/lib/pam

      Once the PAM file is in the corresponding folder, go to the location /etc/pam.d. At this point, you will need to add a line of code at the beginning of one of these files, depending on your needs:

      • sudo file: authentication when executing administrator actions like the sudo su command or similar.
      • authorization + screensaver file: authentication when starting the user session
      • sshd file: authentication when establishing an SSH connection

      Edit one of the files mentioned above and add the following line of code at the beginning of the file. Adding the api key from your ironchip application:

      auth required /opt/local/lib/pam/pam_ironchip_auth.so host=https://api.ironchip.com api_key= <application api key>

      Finally, you should run the following command to disable the software protection for unidentified developers for this specific file.

      xattr -dr com.apple.quarantine <Ruta de el archivo pam>