Re: Save authentication to keychain
- Subject: Re: Save authentication to keychain
- From: James Bucanek <email@hidden>
- Date: Sat, 6 Aug 2005 22:23:37 -0700
Jerry Brace wrote on Saturday, August 6, 2005:
>Am I right in assuming that every time the app is run it
>will prompt for authentication once and not time out, and if the app is closed
>and reopened it will prompt again?
This isn't a function of when, or how often, you run your application. It's a function of the authorization.
When you get an authorization, it has a policy associated with it. The standard policy for an "admin privileges" authorization is that it times out after about 5 or 10 minutes. So once you annoy your user with an authentication dialog, you now have about 5 minutes to do something privileged, like fork a new process with root privileges. Once the authorization expires, your application can't use that authorization anymore. You'll have to get a new authorization if you want to do it again.
Now if you're starting a process with root privileges, once started that process will run as root until it exits -- which can be *long* after your authentication has expired. So if your helper process is a long-lived one, you only have to prompt for authorization once, start it, then let it run indefinitely. That was the gist of someone's earlier recommendation.
Authorizations are (normally) only valid within the process space they were obtained in. So quitting your application and restarting it will require you to get a new authorization.
>Or should the user only ever be prompted
>once and never again - unless their root password changes?
First of all, most users shouldn't have a root password. ;) I assume you mean the admin password. Either way, it doesn't matter. You don't save the user name and password somewhere and re-use it again later like some e-mail program. That's not the way authentication works.
Whether you prompt for authorization every time the user starts something, once when starting your application, or only once in a lifetime will be a function of how often you need to launch your process and how it gets installed. There are no rules. Use what makes sense for the design of your application and security of the system.
The MoreAuthSample code demonstrates a way of getting authorization for a privileged (i.e. root) helper process that only requires the user to be prompted for their authentication once in a lifetime. The first time the helper application is run, it goes through a self-installation procedure where it installs itself as a Set-UID executable owned by root. The advantage is that, once installed, the helper application runs as root without needing to be authorized in the future. The disadvantage, from a security standpoint, is that the helper application can run as root without needing to be authorized. In other words, the helper application needs to be *very* secure.
>I just need to know
>this to be sure that I'm on the right track. Either of these outcomes would be
>great for my situation - I just need to eliminate the time out.
You can only eliminate the time out by modifying the security policy for the execute-with-privileges right on the system you're running on. I would *not* recommend doing this for a commercial application, as you would be significantly altering the security of the entire system.
Since you can't really eliminate the time out, the strategy is to avoid the need to get more authorizations in the future. That's what the MoreAuthSample code demonstrates.
--
James Bucanek
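
Added example, not part of the original message and not taken from MoreAuthSample: a check an installer or audit script could run on a helper installed as a Set-UID executable owned by root, as described above, to confirm its ownership and mode leave nothing for an unprivileged user to modify. The function names and flag constants are hypothetical; the helper path is supplied by the caller.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for lstat() and S_IFREG under strict compilers */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Problem flags returned by audit_helper_stat() (names are illustrative). */
enum {
    HELPER_NOT_REGULAR = 1 << 0, /* symlink, directory, device, ... */
    HELPER_NOT_ROOT    = 1 << 1, /* owner is not uid 0 */
    HELPER_NOT_SETUID  = 1 << 2, /* set-UID bit missing: would not run as root */
    HELPER_WRITABLE    = 1 << 3  /* group or other may modify the file */
};

/* Inspect already-collected metadata so the logic can be tested without root. */
int audit_helper_stat(const struct stat *st)
{
    int problems = 0;
    if (!S_ISREG(st->st_mode))             problems |= HELPER_NOT_REGULAR;
    if (st->st_uid != 0)                   problems |= HELPER_NOT_ROOT;
    if (!(st->st_mode & S_ISUID))          problems |= HELPER_NOT_SETUID;
    if (st->st_mode & (S_IWGRP | S_IWOTH)) problems |= HELPER_WRITABLE;
    return problems;
}

/* lstat() rather than stat(): a symlink at the helper path is itself a finding.
 * Returns -1 if the path cannot be examined, otherwise the problem flags. */
int audit_helper_path(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return audit_helper_stat(&st);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s /path/to/helper\n", argv[0]);
        return 2;
    }
    int p = audit_helper_path(argv[1]);
    if (p < 0) { perror("lstat"); return 2; }
    printf("%s: %s (flags 0x%x)\n", argv[1], p ? "UNSAFE" : "ok", p);
    return p ? 1 : 0;
}
```

The check covers only the file's own metadata; the directories above the helper need the same ownership and write-permission review, since whoever can rename entries in a parent directory can swap the file.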