
How to invoke Mac authorization plugin for unlocking the lock screen after screen saver?

I am trying to edit rules in auth.db to get the authorization plugin to be invoked whenever the login window is going to appear:

  1. After restarting the Mac
  2. After manual log-out
  3. When waking from sleep
  4. After the screen saver

The rationale for this is to enable unlock/login without the user typing her login/password manually.

Having modified the system.login.console rule I got the authorization plugin invoked on 1) and 2) events but not on 3) and 4) ones. For 3) and 4) I tried to edit system.login.screensaver rule in a few ways, e.g.:

<dict>
    <key>class</key>
    <string>user</string>
    <key>mechanisms</key>
    <array>
        <string>NullAuthPlugin:invoke,privileged</string>
        <string>builtin:authenticate</string>
        <string>authinternal</string>
    </array>
    <key>group</key>
    <string>admin</string>
    <key>session-owner</key>
    <true/>
    <key>shared</key>
    <false/>
    <key>allow-root</key>
    <false/>
</dict>

The plugin is invoked on 3) when waking after sleep, but is not invoked on event 4) after screen saver.

How can I make the authorization plugin be invoked after the screen saver?

Kinter asked Jul 03 '14 20:07



1 Answer

I struggled with this for some time too (your question helped me out a lot btw, thanks for that!)

Here is what worked for me:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allow-root</key>
    <false/>
    <key>authenticate-user</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>created</key>
    <real>426709293.721896</real>
    <key>group</key>
    <string>admin</string>
    <key>mechanisms</key>
    <array>
        <string>NameAndPassword:invoke</string>
        <string>builtin:policy-banner</string>
        <string>builtin:authenticate,privileged</string>
        <string>builtin:auto-login,privileged</string>
        <string>builtin:forward-login,privileged</string>
        <string>PKINITMechanism:auth,privileged</string>
    </array>
    <key>modified</key>
    <real>427141220.594918</real>
    <key>session-owner</key>
    <true/>
    <key>shared</key>
    <false/>
    <key>timeout</key>
    <integer>2147483647</integer>
    <key>tries</key>
    <integer>10000</integer>
    <key>version</key>
    <integer>0</integer>
</dict>
</plist>

NOTE: I used the NameAndPassword Apple example not the NullAuth one, so if you're using this with your NullAuth one from the question, you'd need to change that.

Obviously your timestamps and stuff will also be different. Worked for me with all 4 cases you listed.

I am not sure whether all those mechanisms were necessary, so I will probably clean it up in the future, but for now it works.

fjlksahfob answered Nov 15 '22 11:11
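For reviewing a rule like the ones posted above before or after changing it, the following added example (not code from the question or the answer) parses a rule plist and lists every mechanism that comes from a plugin other than `builtin`, together with its position in the chain and whether it carries the `privileged` flag. The embedded plist is a constructed sample trimmed from the answer's rule; the `TRUSTED_PLUGINS` allowlist and the function names are assumptions of this example.

```python
import plistlib

# Constructed sample: the answer's rule, trimmed to the keys this audit reads.
RULE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>class</key>
    <string>user</string>
    <key>mechanisms</key>
    <array>
        <string>NameAndPassword:invoke</string>
        <string>builtin:policy-banner</string>
        <string>builtin:authenticate,privileged</string>
        <string>builtin:auto-login,privileged</string>
        <string>builtin:forward-login,privileged</string>
        <string>PKINITMechanism:auth,privileged</string>
    </array>
</dict>
</plist>"""

# Assumption of this example: only "builtin" is trusted without review.
TRUSTED_PLUGINS = {"builtin"}

def parse_mechanism(entry):
    """Split 'plugin:mechanism[,privileged]' into its parts."""
    name, _, flags = entry.partition(",")
    plugin, sep, mech = name.partition(":")
    if not sep:  # bare entry such as 'authinternal' has no plugin prefix
        plugin, mech = "", name
    return {"plugin": plugin, "mechanism": mech,
            "privileged": "privileged" in flags.split(",")}

def audit_rule(plist_bytes, trusted=TRUSTED_PLUGINS):
    """Return (position, entry, privileged) for each non-trusted plugin mechanism."""
    rule = plistlib.loads(plist_bytes)
    findings = []
    for position, entry in enumerate(rule.get("mechanisms", [])):
        m = parse_mechanism(entry)
        if m["plugin"] and m["plugin"] not in trusted:
            findings.append((position, entry, m["privileged"]))
    return findings

if __name__ == "__main__":
    for pos, entry, priv in audit_rule(RULE_PLIST):
        print(f"[{pos}] {entry} (privileged={priv}) -> review the plugin bundle")
```

On a Mac, the live rule can be dumped with `security authorizationdb read system.login.screensaver` and passed to `audit_rule` as bytes.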