Keychain access in privileged mechanism

Hi. We are working on an authentication plugin. It uses two privileged mechanisms: the first one is invoked before our main unprivileged mechanism, and the second one after it allows login. We want to use them to communicate with a system keychain. The first mechanism should read from a keychain, and the second should write some data. What we want to achieve is to make these reads and writes, obviously, without a dialog to enter an admin name and password. What is the proper way to do it? Our first mechanism is launched just before "builtin:login-success" and the second one just before "loginwindow:success", if this plays any role.

Replies

If they’re both privileged mechanisms, they both run in the same host process. Given that, the ACL that’s set up when you create the item in one authorisation plug-in should allow the other authorisation plug-in to access the item.

Have you tried this? I think it’ll Just Work™.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
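
An added example, not part of the original thread and not code from either poster: a Swift sketch of the write-then-read round trip the reply describes, where the second mechanism creates a generic password item in the System keychain and the first mechanism reads it on a later login. It assumes both mechanisms are privileged (so they run as root in the same host process), uses the legacy file-based keychain API to select the System keychain, and the service and account names are hypothetical.

```swift
import Foundation
import Security

// Hypothetical identifiers, chosen for this example only.
let service = "com.example.authplugin"
let account = "handoff"

enum KeychainError: Error { case status(OSStatus) }

// Locate the System keychain (legacy file-based keychain API).
func systemKeychain() throws -> SecKeychain {
    var keychain: SecKeychain?
    let status = SecKeychainCopyDomainDefault(.system, &keychain)
    guard status == errSecSuccess, let found = keychain else { throw KeychainError.status(status) }
    return found
}

func baseQuery() -> [CFString: Any] {
    [kSecClass: kSecClassGenericPassword, kSecAttrService: service, kSecAttrAccount: account]
}

// Second mechanism: create the item, or update it if it already exists.
func writeItem(_ data: Data) throws {
    let keychain = try systemKeychain()
    var add = baseQuery()
    add[kSecUseKeychain] = keychain
    add[kSecValueData] = data
    var status = SecItemAdd(add as CFDictionary, nil)
    if status == errSecDuplicateItem {
        var query = baseQuery()
        query[kSecMatchSearchList] = [keychain]
        status = SecItemUpdate(query as CFDictionary, [kSecValueData: data] as CFDictionary)
    }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

// First mechanism: read the item back; nil means it has not been written yet.
func readItem() throws -> Data? {
    var query = baseQuery()
    query[kSecMatchSearchList] = [try systemKeychain()]
    query[kSecReturnData] = true
    query[kSecMatchLimit] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
    return result as? Data
}
```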