Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow usage of Touch ID for admin actions on macOS #2998

Closed
benoitf opened this issue Jun 25, 2023 · 2 comments · Fixed by #4050
Closed

Allow usage of Touch ID for admin actions on macOS #2998

benoitf opened this issue Jun 25, 2023 · 2 comments · Fixed by #4050
Assignees
@benoitf
Labels
area/dashboard 📊 Concern the dashboard from Container Desktop kind/enhancement ✨ Issue for requesting an improvement

Comments

@benoitf
Copy link
Collaborator

benoitf commented Jun 25, 2023

Is your enhancement related to a problem? Please describe

Today, I'm asked for a password when requiring admin privileges but I have Touch ID so I would expect to have Podman Desktop working with my Touch ID

Describe the solution you'd like

It looks like that when using sudo, we can tune some pam modules

Edit /etc/pam.d/sudo
Add a new line under line 1 (which is a comment) containing:
auth       sufficient     pam_tid.so

but I don't like that as it's a user action

It looks like we should use osascript instead of sudo on macOS

example:

osascript -e 'do shell script "echo podman" with prompt "Podman Desktop requires admin privileges " with administrator privileges'

will provide something like
image

where I can use Touch ID or my password

Describe alternatives you've considered

No response

Additional context

No response
@benoitf benoitf added kind/enhancement ✨ Issue for requesting an improvement area/dashboard 📊 Concern the dashboard from Container Desktop labels Jun 25, 2023
@benoitf benoitf self-assigned this Sep 20, 2023
benoitf added a commit to benoitf/desktop that referenced this issue Sep 22, 2023
@benoitf
feat(extension): allow to run admin tasks from extensions
957c6c5 
I noticed several extensions have some code to run admin tasks
using like sudo-prompt, or pkexec

here it brings a new parameter isAdmin in the exec API
so extensions can run admin tasks

it uses for macOS osascript allowing to use touch ID

pre-req of
containers#2998

Signed-off-by: Florent Benoit <fbenoit@redhat.com>
@benoitf benoitf mentioned this issue Sep 22, 2023
Merged
benoitf added a commit to benoitf/desktop that referenced this issue Sep 22, 2023
@benoitf
feat: allow to use touchid on macOS for admin tasks
d92e6c6 
replace adhoc calls of extensions to use the new param of exec
allowing to execute admin/privileges tasks

and for macOS as it is using osascript we can use touchID key

fixes containers#2998
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
@benoitf benoitf mentioned this issue Sep 22, 2023
Merged
1 task
benoitf added a commit that referenced this issue Sep 25, 2023
@benoitf
feat(extension): allow to run admin tasks from extensions
12a5716 
I noticed several extensions have some code to run admin tasks
using like sudo-prompt, or pkexec

here it brings a new parameter isAdmin in the exec API
so extensions can run admin tasks

it uses for macOS osascript allowing to use touch ID

pre-req of
#2998

Signed-off-by: Florent Benoit <fbenoit@redhat.com>
benoitf added a commit that referenced this issue Sep 25, 2023
@benoitf
feat: allow to use touchid on macOS for admin tasks
405839e 
replace adhoc calls of extensions to use the new param of exec
allowing to execute admin/privileges tasks

and for macOS as it is using osascript we can use touchID key

fixes #2998
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
@ravicious
Copy link

ravicious commented Feb 12, 2024
edited

Did you have to set up anything extra for osascript to allow Touch ID? I swear that in our app it used to just work and your screenshot clearly shows that osascript did accept Touch ID.

However, now I'm working on another feature which utilizes osascript and I found that it no longer allows me to use Touch ID. I found a couple of posts mentioning modifying /etc/pam.d/sudo. Perhaps the macOS update to Sonoma changed this?

@benoitf
Copy link
Collaborator Author

benoitf commented Feb 12, 2024

@ravicious I think it's no longer working since macOS sonoma

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@benoitf benoitf

Labels
area/dashboard 📊 Concern the dashboard from Container Desktop kind/enhancement ✨ Issue for requesting an improvement
Projects
Podman Desktop Planning
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: allow to use touchid on macOS for admin tasks benoitf/desktop
2 participants
@ravicious @benoitf