Multiple prompts from eapolclient when connecting to WPAx-Enterprise/EAP-TLS

Question

Created Feb ’18

Replies 1

Boosts 0

Views 4.8k

Participants 2

Hi,

Is there a reason for the eapolclient needing to prompt the user 3 times in HighSierra when you want to connect to a new Network with EAP-TLS (Client Certificate)?

Assuming the client has:
* privatekey+certificate+identity in keychain

* profile containing WPA2-Enterprise/EAP-TLS config (pushed via mobileconfig)

The sequence is now:
* connect to WiFi network
* eapolclient wants access to key "xxxx" in your keychain.
* eapolclient wants access to key "com.apple.network.eap.user.identity.wlan.ssid.xxx" in your keychain.

* eapolclient wants access to change permission of the "xxxx" in your keychain.

Where every request from eapoclient requires the user to enter their login password.

Is there a way to have the "eapoclient" prompt 1 time, then remember the login password for the subsequent requests or maybe setup the "eapolclient" as a trusted system application that would have access to these things without the need for a password?

Thanks,

S.

Boost

Answer 1

DTS Engineer OP

Apple

Feb ’18

Is there a reason for the eapolclient needing to prompt the user 3 times in HighSierra when you want to connect to a new Network with EAP-TLS (Client Certificate)?

Alas, you’re asking for help in the wrong place. DevForums is a place to discuss developer-level issues, like Apple’s developer tools and the APIs in our various platform SDKs. It’s not the best place to seek user-level help, even when the issue is really complex like this one. You should repost your question over on the Apple Support Communities, run by AppleCare. Alternatively, you can escalate this via an official AppleCare support channel [1].

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

[1] Normal AppleCare support channels will probably baulk at this question, but AppleCare offers a variety of more robust paid-for support options. I don’t work for AppleCare, and thus am not able to discuss those options in detail, but I figured you might find the following links useful:

0