authenticate right never get called in 10.13

We developed an authorization plugin with our custom UI. It worked perfectly on El Capitan and Sierra.

But on High Sierra it stopped invoking when a user clicks the lock item in System.Preferences.

To invoke our plugin, we changed the authenticate right in the authorization database.


  { 'class' : 'evaluate-mechanisms', 'mechanisms' : [ 'builtin:authenticate', 'builtin:reset-password,privileged', 'builtin:authenticate,privileged', 'PKINITMechanism:auth,privileged' ], 'shared' : 'true', 'tries' : '10000' }


Actually, we replaced builtin:authenticate with a mechanism from our plugin. We found that the authenticate right is not invoked on High Sierra, when a user clicks any locks in System.preferences.


Is that a bugs? Are there any other ways to invoke a custom UI mechanism for unlocking?
Up vote post of lex.andreev Down vote post of lex.andreev
298 views
Posted by
lex.andreev
Reply
Add a Comment

Replies

I’ve seen something like this before (r. 33286759). My understanding of this issue is somewhat fuzzy but my recommendation is that re-test this on the current 10.13.2 beta release (build 17C60c), where there’s been some notable changes in this space.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment