Forced two facter authentication is on the horizon here, and we are going to run into a problem with all of our OS X users.
Currently, all new user accounts on a device are automaticlly prompted for enrollment with the PGP Universal server, and LDAP has served this purpose. They enroill with AD credentials, LDAP confirms they exist, and they are added to the disk.
Since PGP doesn't support smart cards on OS X, there will be no way for users to enroll with the Universal Server.
Since a local admin encrypts the drives and enrolls at deployment, we could easilly have them add each user manually to the disk (just like SEE used to, if anyone remembers). The problem is, enrollment will still pop up every time a new user is created. Since enrollment is impossible with smart cards, the user will be presented with the enrollment window for the life of the device.
Can auto enrollment be turned off for all users?
Thank you,
~Mike