I am trying to edit rules in auth.db to get the authorization plugin to be invoked whenever the login window is going to appear: <ol> <li>After restarting the Mac</li> <li>After manual log-out</li> <li>When waking from sleep</li> <li>After the screen saver</li> </ol> The rationale for this is to enable unlock/login without the user typing her login/password manually. Having modified the system.login.console rule I got the authorization plugin invoked on 1) and 2) events but not on 3) and 4) ones. For 3) and 4) I tried to edit system.login.screensaver rule in a few ways, e.g.: <pre class="prettyprint"><code><dict> <key>class</key> <string>user</string> <key>mechanisms</key> <array> <string>NullAuthPlugin:invoke,privileged</string> <string>builtin:authenticate</string> <string>authinternal</string> </array> <key>group</key> <string>admin</string> <key>session-owner</key> <true/> <key>shared</key> <false/> <key>allow-root</key> <false/> </dict> </code></pre> The plugin is invoked on 3) when waking after sleep, but is not invoked on event 4) after screen saver. How can I make the authorization plugin be invoked after the screen saver?

I struggled with this for some time too (your question helped me out a lot btw, thanks for that!) Here is what worked for me: <pre class="prettyprint"><code><?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>allow-root</key> <false/> <key>authenticate-user</key> <true/> <key>class</key> <string>user</string> <key>created</key> <real>426709293.721896</real> <key>group</key> <string>admin</string> <key>mechanisms</key> <array> <string>NameAndPassword:invoke</string> <string>builtin:policy-banner</string> <string>builtin:authenticate,privileged</string> <string>builtin:auto-login,privileged</string> <string>builtin:forward-login,privileged</string> <string>PKINITMechanism:auth,privileged</string> </array> <key>modified</key> <real>427141220.594918</real> <key>session-owner</key> <true/> <key>shared</key> <false/> <key>timeout</key> <integer>2147483647</integer> <key>tries</key> <integer>10000</integer> <key>version</key> <integer>0</integer> </dict> </plist> </code></pre> NOTE: I used the NameAndPassword Apple example not the NullAuth one, so if you're using this with your NullAuth one from the question, you'd need to change that. Obviously your timestamps and stuff will also be different. Worked for me with all 4 cases you listed. I am not sure whether all those mechanisms were necessary, so I will probably clean it up in the future, but for now it works.

How to invoke Mac authorization plugin for unlocking the lock screen after screen saver?

Tags:

authentication

macos

plugins

authorization

I am trying to edit rules in auth.db to get the authorization plugin to be invoked whenever the login window is going to appear:

After restarting the Mac
After manual log-out
When waking from sleep
After the screen saver

The rationale for this is to enable unlock/login without the user typing her login/password manually.

Having modified the system.login.console rule I got the authorization plugin invoked on 1) and 2) events but not on 3) and 4) ones. For 3) and 4) I tried to edit system.login.screensaver rule in a few ways, e.g.:

<dict>
    <key>class</key>
    <string>user</string>
    <key>mechanisms</key>
    <array>
        <string>NullAuthPlugin:invoke,privileged</string>
        <string>builtin:authenticate</string>
        <string>authinternal</string>
    </array>
    <key>group</key>
    <string>admin</string>
    <key>session-owner</key>
    <true/>
    <key>shared</key>
    <false/>
    <key>allow-root</key>
    <false/>
</dict>

The plugin is invoked on 3) when waking after sleep, but is not invoked on event 4) after screen saver.

How can I make the authorization plugin be invoked after the screen saver?

458

asked Jul 03 '14 20:07

Kinter

1 Answers

I struggled with this for some time too (your question helped me out a lot btw, thanks for that!)

Here is what worked for me:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allow-root</key>
    <false/>
    <key>authenticate-user</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>created</key>
    <real>426709293.721896</real>
    <key>group</key>
    <string>admin</string>
    <key>mechanisms</key>
    <array>
        <string>NameAndPassword:invoke</string>
        <string>builtin:policy-banner</string>
        <string>builtin:authenticate,privileged</string>
        <string>builtin:auto-login,privileged</string>
        <string>builtin:forward-login,privileged</string>
        <string>PKINITMechanism:auth,privileged</string>
    </array>
    <key>modified</key>
    <real>427141220.594918</real>
    <key>session-owner</key>
    <true/>
    <key>shared</key>
    <false/>
    <key>timeout</key>
    <integer>2147483647</integer>
    <key>tries</key>
    <integer>10000</integer>
    <key>version</key>
    <integer>0</integer>
</dict>
</plist>

NOTE: I used the NameAndPassword Apple example not the NullAuth one, so if you're using this with your NullAuth one from the question, you'd need to change that.

Obviously your timestamps and stuff will also be different. Worked for me with all 4 cases you listed.

I am not sure whether all those mechanisms were necessary, so I will probably clean it up in the future, but for now it works.

answered Nov 15 '22 11:11

fjlksahfob

Related questions
                            
                                Developer tools not working in Chrome osx
                            
                                How do I get the Hard Drive serial number of a USB drive on OS X?
                            
                                OpenGL core profile incredible slowdown on OS X
                            
                                How to set speaker configuration programatically using Core Audio API on Mac OS X?
                            
                                Can I create a console application using Xamarin.Mac?
                            
                                Multiprocessing Qt app: How can I limit it to a single icon in the MacOS/X Dock?
                            
                                CoreBluetooth - iPhone advertising in background mode
                            
                                How to programmatically run a command with low IO priority and high niceness value on OS X
                            
                                WebView (OSX) not rendering in print panel preview
                            
                                Tmux is blocking Ctrl-s in OSX ML
                            
                                Why are std::stoi and std::array not compiling with g++ c++11?
                            
                                npm install -g mongodb not installing mongodb globally on OSX 10.8.4?
                            
                                In Cocoa KVO, why doesn't a change on a NSMutableArray proxy notify observers?
                            
                                How to build and embed another application inside my target in Xcode?
                            
                                NStoolbar reloading/refreshing
                            
                                Can TCriticalSection.Acquire be safely called more than one time by a thread?
                            
                                Installing gold linker on OS X
                            
                                Mac DMG oddity - signing and "damaged" applications
                            
                                Java 1.7 on OSX 10.9.2 running as 1.5?
                            
                                How to set the text of an NSTextView in Xamarin Mac?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With