Re: How to silently use Proxy authentication credentials from Keychain, like Safari, Mail, etc.
Re: How to silently use Proxy authentication credentials from Keychain, like Safari, Mail, etc.
- Subject: Re: How to silently use Proxy authentication credentials from Keychain, like Safari, Mail, etc.
- From: Jens Alfke <email@hidden>
- Date: Wed, 07 Sep 2016 13:39:16 -0700
> On Sep 6, 2016, at 5:36 AM, Motti Shneor <email@hidden <mailto:email@hidden>> wrote:
>
> All my app does, is use KeyChain APIs to read proxy user/password. I believe securityd agent/daemon is the one to prompt user for permission. It runs under user ‘root’ - much like my own daemon.
Yes, but root isn’t a normal user account, so various system services (such as LaunchServices, IIRC) don’t work correctly from processes running as root.
> * How does it gain access to my Login keychain?
At login time, the Keychain APIs running in your account unlock the keychain by sending the daemon the keychain password. The login.keychain has the same password as your user account, so the login procedure just sends that same password to security.
> How does it determine which keychain to consult for a specific connection? does it somehow impersonate my user (and call the key-chain APIs)?
The Keychain APIs running in a process tell it which keychains to open.
> Can’t believe this is true, because when proxy settings change - who will synchronize?
It’s not something that’s ‘true’, it’s just a possible mechanism I suggested that you might try to use. And yes, it would need to be updated when proxy settings change.
Anyway, this is not the best mailing list to discuss this. I would suggest either macnetworkprog or apple-cdsa (the misleadingly-named security list.)
—Jens
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden