      Latest reply on Dec 5, 2019 12:30 AM by eskimo
      Kopanja Level 1 (0 points)

        Hi. We are working on an authentication plugin. It uses two privileged mechanisms: the first one is invoked before our main unprivileged mechanism, and the second one after it allows login. We want to use them to communicate with a system keychain. The first mechanism should read from a keychain, and the second should write some data. What we want to achieve is to make these reads and writes, obviously, without a dialog to enter admin name and password. What is the proper way to do it? Our first mechanism is launched just before "builtin:login-success" and the second one just before "loginwindow:success", if this plays any role.

        • Re: Keychain access in privileged mechanism
          eskimo Apple Staff (12,425 points)

          If they’re both privileged mechanisms, they both run in the same host process.  Given that, the ACL that’s set up when you create the item in one authorisation plug-in should allow the other authorisation plug-in to access the item.

          Have you tried this?  I think it’ll Just Work™.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"
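
An added example, not part of the original thread and not Apple's code: one way the two privileged mechanisms could write and read a System keychain item, with keychain UI disabled so that a call that would need a dialog fails with an error instead of prompting. The service and account names are hypothetical, and whether access succeeds silently depends on the ACL behaviour described in the reply above.

```swift
import Foundation
import Security

// Hypothetical identifiers for this example; not from the thread.
let service = "com.example.authplugin"
let account = "login-state"

struct KeychainError: Error { let status: OSStatus }

func check(_ status: OSStatus) throws {
    guard status == errSecSuccess else { throw KeychainError(status: status) }
}

/// System keychain via the legacy file-based API (deprecated in recent macOS SDKs).
func systemKeychain() throws -> SecKeychain {
    var keychain: SecKeychain?
    try check(SecKeychainCopyDomainDefault(.system, &keychain))
    // Applies to the calling process: operations that would show a dialog
    // return errSecInteractionNotAllowed instead.
    try check(SecKeychainSetUserInteractionAllowed(false))
    guard let kc = keychain else { throw KeychainError(status: errSecNoSuchKeychain) }
    return kc
}

let identity: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                               kSecAttrService as String: service,
                               kSecAttrAccount as String: account]

/// Second mechanism: create the item, or update it if it already exists.
func writeItem(_ data: Data) throws {
    let kc = try systemKeychain()
    let add = identity.merging([kSecUseKeychain as String: kc,
                                kSecValueData as String: data]) { $1 }
    var status = SecItemAdd(add as CFDictionary, nil)
    if status == errSecDuplicateItem {
        let query = identity.merging([kSecMatchSearchList as String: [kc]]) { $1 }
        status = SecItemUpdate(query as CFDictionary,
                               [kSecValueData as String: data] as CFDictionary)
    }
    try check(status)
}

/// First mechanism: read the item; nil if nothing has been written yet.
func readItem() throws -> Data? {
    let kc = try systemKeychain()
    let query = identity.merging([kSecMatchSearchList as String: [kc],
                                  kSecReturnData as String: true]) { $1 }
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }
    try check(status)
    return result as? Data
}
```

Logging the `OSStatus` carried by `KeychainError` in each mechanism shows whether a failure is an ACL problem (`errSecInteractionNotAllowed`, `errSecAuthFailed`) or simply a missing item.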