Re: Save authentication to keychain
Re: Save authentication to keychain
- Subject: Re: Save authentication to keychain
- From: Finlay Dobbie <email@hidden>
- Date: Sat, 6 Aug 2005 22:48:08 +0100
On 8/6/05, James Bucanek <email@hidden> wrote:
> You can't save an authentication. An authentication is a "ticket" that expires after a period of time.
Actually, not all authorization rights expire after a period of time.
The right which is required by AuthorizationExecuteWithPrivileges()
does, and as you describe it is not correct to use AEWP() every time
you need to "gain" root privs.
> To authorize a binary to run as root forever, you need to authorize the user once and use that privilege to install the binary as a set-UID executable with an owner of root. Once installed, the binary can run as root whenever it needs to, without any additional authorization.
Well, it should certainly restrict itself as much as possible - you
might not want any user being able to call your root binary and pass
potentially damaging data in.
-- Finlay
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden