macOS Sonoma Lock Screen with SFAuthorizationPluginView is not hiding the macOS desktop

On Sonoma beta 7, if system.login.screensaver is updated to use “authenticate-session-owner-or-admin”, then Lock Screen is not hiding the macOS Desktop.

Step 1. Update the system.login.screensaver authorizationdb rule to use “authenticate-session-owner-or-admin” (to get the old SFAuthorizationPluginView at Lock Screen).

Step 2. Once the rule is in place after logout and login, click on the Apple icon and select “Lock Screen”.

Even after selecting Lock Screen, the complete macOS Desktop is visible with no control for the user to unlock the screen. To gain access we have to restart the Mac.

Answered by DTS Engineer in 769109022

I’ve had a chance to dig into this in more detail and I have more specific advice.

macOS 14.0 has a bug (r. 112013559) where it fails to hide the user’s desktop when using a third-party authorization plug-in for screen unlock. This is reported as fixed in macOS 14.1b3 and later (including the current 14.1 release candidate).

Starting with macOS 14 we have new recommendations for folks with an authorisation plug-in that uses an SFAuthorizationPluginView subclass to override screen unlock:

  • Tell your users to avoid macOS 14.0 because of the above-mentioned bug.

  • Configure the system.login.screensaver right as you did previously.

  • But also set the screenUnlockMode user default as follows:

    % sudo defaults write /Library/Preferences/com.apple.loginwindow screenUnlockMode -int 2
    

Our hope is that this will ensure better compatibility going forward.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
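
A read-only audit of the three recommendations in the answer above, as an added example that is not part of the thread or Apple's own code. The `evaluate` function and its output wording are hypothetical, and the rule check assumes `security authorizationdb read` dumps the right as a plist with the rule name in a `<string>` element.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Mac against the three
# recommendations in the answer above. Read-only; changes nothing.

TARGET_RULE="authenticate-session-owner-or-admin"
PREF_DOMAIN="/Library/Preferences/com.apple.loginwindow"

# evaluate OS_VERSION RIGHT_PLIST UNLOCK_MODE
# Pure function: prints one line per check, returns 0 only if all pass.
evaluate() {
    os_version=$1; right_plist=$2; unlock_mode=$3; failed=0

    # Assumption: 14.0.x point builds are treated like 14.0.
    case "$os_version" in
        14.0|14.0.*)
            echo "FAIL macOS $os_version: desktop stays visible (r. 112013559)"
            failed=1 ;;
        *)  echo "ok   macOS $os_version" ;;
    esac

    # Assumption: the right is dumped as a plist whose rule array holds
    # the rule name in a <string> element.
    if printf '%s\n' "$right_plist" | grep -q "<string>$TARGET_RULE</string>"; then
        echo "ok   system.login.screensaver uses $TARGET_RULE"
    else
        echo "FAIL system.login.screensaver does not use $TARGET_RULE"
        failed=1
    fi

    if [ "$unlock_mode" = "2" ]; then
        echo "ok   screenUnlockMode is 2"
    else
        echo "FAIL screenUnlockMode is '$unlock_mode', expected 2"
        failed=1
    fi
    return "$failed"
}

# Live run, only where the macOS tools exist.
if command -v sw_vers >/dev/null 2>&1; then
    evaluate "$(sw_vers -productVersion)" \
        "$(security authorizationdb read system.login.screensaver 2>/dev/null)" \
        "$(defaults read "$PREF_DOMAIN" screenUnlockMode 2>/dev/null || echo unset)" \
        || echo "This Mac does not match the recommended configuration."
fi
```

An absent `screenUnlockMode` key is reported as `unset` and fails the third check.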

Hi Quinn, what is the purpose of this setting? When I use it, the background of the user desktop behind the application windows turns white (instead of showing the wallpaper) and if I click on it all the windows are moved out of the visible space.

Thanks, Alberto

@DTS Engineer

We are using an SFAuthorizationPluginView-based authentication plug-in for screen unlock.

We are seeing a different issue on macOS Tahoe 26.4.1: during the lock/unlock flow, Apple’s default lock screen appears first, and after entering the password there, our plug-in lock screen appears afterward. In effect, the lock screen is shown twice.

Based on your guidance in this thread, we tested setting screenUnlockMode = 2 in /Library/Preferences/com.apple.loginwindow, and that appears to resolve the issue.

We would like clarification on the lifecycle and supportability of this setting:

  1. What supported values exist for screenUnlockMode, and what behavior does each value enable?
  2. Is this a supported public setting, or is it considered an internal compatibility workaround?
  3. Can this setting be managed through MDM, and if so, through which payload/key?
  4. On systems where this key is absent, is that equivalent to a specific default value?
  5. For uninstall/rollback, should we restore the original value if present and delete the key if it was previously absent?

I’m going to delay responding to this until after we’ve dealt with the issue you raised in this thread.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
