I'm currently exploring Apple's Auth-Plugin extension and have modified the authdb to log in to a Mac device without using the default login password.
Specifically,I am replacing builtin:authenticate,privileged with a custom privileged mechanism that authenticates the user and grants desktop access based on our custom logic.
However, this approach does not unlock the user's Keychain. Since I'm bypassing the login password, the Keychain remains locked. I'm considering whether a certificate-based persistent token could be used to unlock the Keychain.
Is this approach recommended, or is there a more suitable solution, such as using CryptoTokenKit or another available API?
Post
Replies
Boosts
Views
Activity
Hi,
I'm working on a sample app to enable two-way data transfer between Mac, iOS, and Android devices.
The devices will be in close proximity to each other. To implement this, I used Google's Nearby API, which supports cross-platform communication.
The approach has worked well for Mac and iOS devices, even across different networks. However, while Mac and Android devices communicate successfully when on the same network, they fail to discover each other when on different networks.
Mac :left_right_arrow: iOS-----Works fine in all scenarios.
Mac :left_right_arrow: Android-------Works only when both devices are on the same network, but fails to discover each other on different networks.
Is there any alternative approach to achieve reliable cross-platform communication, or any technical documentation that could help with this?
Thanks in advance!
Hi There,
I have to achieve following scenario
Track system event on macosx for shutdown and restart and update one plist with same event via launchAgent
I have tried following code on launchAgent
class MyAgent {
init() {
let notificationCenter = NSWorkspace.shared.notificationCenter
// Register for system shutdown notification
notificationCenter.addObserver(self,
selector: #selector(handleNotification(_:)),
name: NSWorkspace.willPowerOffNotification,
object: nil)
RunLoop.current.run()
}
@objc func handleNotification(_ notification: Notification) {
var logMessage = ""
switch notification.name {
case NSWorkspace.willPowerOffNotification:
os_log("System is going to shut down at", log: log, type: .default)
updatePlistFile(event: "shut down")
let fileName = "example.txt"
let content = "shut down"
createAndWriteFile(fileName: fileName, content: content)
logMessage = "System is going to shut down at \(Date())\n"
}
}
}
loaded the agent, and tried to restart device, I can't see as it is coming to handleNotification
Same code is working fine from sample application but not from launchAgent
Is there any restriction is there for NSWorkspace, if is that so, how to track shutdown/restart event from launchAgent or LaunchDaemon
Any help will be appreciate
Hi Team, I have developed a smartcard driver which is working fine when inserting USB mouse,
So here is the process I followed for smartcard driver
Smartcard driver(IFdHandler) has info.plist which contains vendor Id and product ID attributes
Mentioned vendor Id and product ID of USB mouse which one is going to be connected to device(Mac) in info.plist, Build the IFDdriver and replace it to path - /usr/local/libexec/SmartCardServices/drivers/
Once Inserting USB mouse I am getting smart card pairing notification on Mac
This scenario is working fine and able to achieve following changes on Mac device -
Getting Smart card notification for pairing on Mac device
After Pairing , Password field on Login Screen changes to PIN field
But I want smartcard driver(IFDHandler) to be trigger via bluetooth connection from iPhone or android instead via USB
Is there any way to achieve This?
Reference for USB driver smart card driver - https://github.com/frankmorgner/vsmartcard/blob/master/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c
created a custom PAM module following this and It works fine with etc/pam.d/sudo but doesn't work with etc/pam.d/authorization and etc/pam.d/login.
sudo
# sudo: auth account password session
auth include sudo_local
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth sufficient pam_smartcard.so
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
authorization
# authorization: auth account
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth optional pam_krb5.so use_first_pass use_kcminit no_auth_ccache
auth optional pam_ntlm.so use_first_pass
auth sufficient pam_smartcard.so use_first_pass
account required pam_opendirectory.so
Is it even allowed to add a custom PAM to \etc\pam.d\login or etc\pam.d\authorization ?
Is it possible to create a mechanism with custom logic and replace it withbuiltin:authenticate,privileged in system.login.console authorization right ?
Note: I have also tried moving the .so file to /usr/lib/pam but it failed even after disabling SIP.
Hi Team,
I have developed a smartcard driver which is working fine when inserting USB mouse, So here is the process I followed for smartcard driver:
Smartcard driver(IFdHandler) has info.plist which contains vendor Id and product ID attributes
Mentioned vendor Id and product ID of USB mouse which one is going to be connected to device(Mac) in info.plist, Build the IFDdriver and replace it to path - /usr/local/libexec/SmartCardServices/drivers/
Once Inserting USB mouse I am getting smart card pairing notification on Mac
This scenario is working fine and able to achieve following changes on Mac device -
Getting Smart card notification for pairing on Mac device
After Pairing , Password field on Login Screen changes to PIN field
But I want smartcard driver(IFDHandler) to be trigger via bluetooth connection from iPhone or android instead via USB
Is there any way to achieve This?
Reference for USB driver smart card driver - https://github.com/frankmorgner/vsmartcard/blob/master/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c
Hi Team,
I am developing a sample authPluggin which should connect to a mobile app via bluetooth connection,
So here are the scenario
Authplugin with Bluetooth connection shoould work on lockscreen+login
I have created mechanism- prepared:privillaged, main, clean:Privilaged
Calling corebluetoothmanager initiation at the time of prepared:privilaged mechanism
I have to add my auth plugin’s mechanism before loginwindow:success mechanism
But I always gets unauthorized = 3, from power state of bluetooth
Note: With App, bluetooth connection is working fine, Its giving error with authPlugin
How to achieve my ultimate goal, is this the right way?