This payload controls restrictions and settings for SmartCard pairing on macOS v10.12.4 and later.
Enable user pairing dialog
Optional. If false, users will not get the pairing dialog, although existing pairings will still work. Default is true.
Allow SmartCard Unlock
Optional. If false, the SmartCard is disabled for logins, authorizations, and screensaver unlocking. It is still allowed for other functions, such as signing emails and web access. A restart is required for a change of setting to take effect. Default is true.
Verify certificate trust
Optional. If true, certificates on the card must be valid in these ways: its issuer is system-trusted, the certificate is not expired, its “valid-after” date is in the past, and it passes CRL and OCSP checking. User overrides are not allowed. Usually this key is set to true for SmartCard use in corporate environments. Default is false.