Keychain access in priveleged mechanism

Hi We are working on an authentication plugin. It uses two privileged mechanisms, the first one invokes before our main unprivileged mechanism, and the second one after it allows login. We want to use them to communicate with a system keychain. The first mechanism should read from a keychain, and the second should write some data. What we want to achieve is to make this reads and writes obviously without a dialog to enter admin name and password. What is the proper way to do it? Our first mechanism is launched just before "builtin:login-success" and the second one just before "loginwindow:success", if this plays any role.

If they’re both privileged mechanisms, they both run in the same host process. Given that, the ACL that’s set up when you create the item in one authorisation plug-in should allow the other authorisation plug-in to access the item.

Have you tried this? I think it’ll Just Work™.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
Keychain access in priveleged mechanism
 
 
Q