[quote='817709022, DTS Engineer, /thread/770243?answerId=817709022#817709022']
Changes their password how?
[/quote]
Currently I am trying to change the password from the User and group tab in the settings.
In the future I might connect to the AD also.
I don't think I can track if someone changes their password.
[quote='816974022, DTS Engineer, /thread/770243?answerId=816974022#816974022']
Create a second mechanism that gets the password from the context and saves it, then add that mechanism near the end of the mechanisms array, after builtin:authenticate.
[/quote]
The issue with this is that if someone changes the password, I want to show the password field again so that the user can enter his new password, but I cannot verify whether the stored password is correct.
[quote='816817022, DTS Engineer, /thread/770243?answerId=816817022#816817022']
If that fails, the system will retry, running the mechanisms from the start, and so you’ll get another go at this.
[/quote]
The issue I’m facing is that I’m trying to implement a feature to save the password in the macOS Keychain (I haven’t fully reached that part yet—still figuring it out). However, if someone enters the wrong password, I want to ensure it doesn’t get saved in the Keychain. And there is no way for me to know if the password is correct or not.
Do you have any alternative suggestions or approaches to achieve this functionality? Your insights would be greatly appreciated!
I resolved the issue. It turns out the app needed to be run as root. Thank you for your help!
So I have written this code:

```swift
import Foundation
import Security

/// Returns a reference to the System Keychain, or nil if the lookup fails.
func systemKeychain() -> SecKeychain? {
    var searchListQ: CFArray? = nil
    let err = SecKeychainCopyDomainSearchList(.system, &searchListQ)
    guard err == errSecSuccess else {
        return nil
    }
    // The search list is populated whenever the call above succeeds.
    let searchList = searchListQ! as! [SecKeychain]
    return searchList.first
}

/// Adds a generic password item for `service`/`account` to the System Keychain
/// and returns the resulting OSStatus.
func storePasswordInSpecificKeychain(service: String, account: String, password: String) -> OSStatus {
    // Get a reference to the System Keychain
    guard let systemKeychainRef = systemKeychain() else {
        print("Error: Could not get a reference to the system keychain.")
        return errSecNoSuchKeychain
    }

    // Convert the password to Data
    guard let passwordData = password.data(using: .utf8) else {
        print("Failed to convert password to data.")
        return errSecParam
    }

    // Define the query to add the password
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecValueData as String: passwordData,
        kSecUseKeychain as String: systemKeychainRef // Specify the System Keychain
    ]

    // Add the item to the System Keychain
    let status = SecItemAdd(query as CFDictionary, nil)

    // Handle the result
    if status == errSecSuccess {
        print("Password successfully added to the System Keychain.")
    } else if status == errSecDuplicateItem {
        print("Item already exists. Consider updating it instead.")
    } else {
        print("Failed to add password: \(SecCopyErrorMessageString(status, nil) ?? "Unknown error" as CFString)")
    }
    return status
}
```
But I am getting this error:
Failed to add password: Write permissions error.
Operation status: -61
How can I resolve this?
Thanks for the response!
Apologies for the formatting issues earlier; this is my first post.
I wanted to ask for more insights into achieving the passwordless feature for my MFA module. Specifically, my approach is to use the Keychain to securely store the user's password and fetch it later for authentication.
I'm using kSecAttrAccessibleAfterFirstUnlock because I assumed that once the user unlocks the device after a restart (using their password), I would then be able to access the Keychain to retrieve the stored password.
Am I misunderstanding how kSecAttrAccessibleAfterFirstUnlock works in the context of an authorization plugin? Or is there a better way to securely store and retrieve the password for this use case?
Looking forward to your suggestions!