Keychain minder does not accept password El Capitan 11.3 #10
Comments
Are the affected users' accounts 'Standard' non-admin accounts?
Hey! They are standard users and network accounts. To simulate, I changed the user's password directly in Active Directory, so that the user logs in with a different password than their keychain. keychainminder comes up first thing in front of everything (awesome) but the password does not work. I'll try with an admin account now and let you know.
Oddly, we just noticed this issue ourselves a few minutes ago and have a fix prepared. Watch this space!
Haha wow, that's awesome. How ironic that free software is better supported than Apple's OS or anything Microsoft. Thank you very much.
`system.login.tty` uses the `default` rule which requires `admin` group membership.

`security authorizationdb read system.login.tty`

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>class</key>
	<string>rule</string>
	<key>created</key>
	<real>477499297.08687699</real>
	<key>modified</key>
	<real>477499297.08687699</real>
	<key>rule</key>
	<array>
		<string>default</string>
	</array>
	<key>version</key>
	<integer>1</integer>
</dict>
</plist>
```

`security authorizationdb read default`

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>allow-root</key>
	<false/>
	<key>authenticate-user</key>
	<true/>
	<key>class</key>
	<string>user</string>
	<key>comment</key>
	<string>Default rule. Credentials remain valid for 5 minutes after they've been obtained. An acquired credential is shared by all clients. </string>
	<key>created</key>
	<real>477499297.08687699</real>
	<key>group</key>
	<string>admin</string>
	<key>modified</key>
	<real>477499297.08687699</real>
	<key>session-owner</key>
	<false/>
	<key>shared</key>
	<true/>
	<key>timeout</key>
	<integer>300</integer>
	<key>tries</key>
	<integer>10000</integer>
	<key>version</key>
	<integer>0</integer>
</dict>
</plist>
```

To fix this we will use the `authenticate` right to check the user's password. This seems to work okay in testing. We should keep an eye on this in case a calling loop occurs because `KeychainMinder:check,privileged` is a part of `authenticate`.

Associated Issues:

* #10
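An added example, not part of the thread or of Keychain Minder's code: Python that parses the two rules quoted in the comment above and follows the `rule` reference to show why a standard account cannot satisfy `system.login.tty`. The `DB` dictionary and the function names are this example's own, and it assumes that only `group` and `session-owner` decide the outcome and that every referenced rule must pass.

```python
import plistlib

# Constructed input: trimmed copies of the two rules quoted above, in the
# XML plist form that `security authorizationdb read <name>` prints.
DB = {
    "system.login.tty": b"""<plist version="1.0"><dict>
<key>class</key><string>rule</string>
<key>rule</key><array><string>default</string></array>
</dict></plist>""",
    "default": b"""<plist version="1.0"><dict>
<key>authenticate-user</key><true/>
<key>class</key><string>user</string>
<key>group</key><string>admin</string>
<key>session-owner</key><false/>
</dict></plist>""",
}

def resolve(name, db, chain=()):
    """Follow class=rule references down to the terminal rules."""
    if name in chain:
        raise ValueError("rule loop: " + " -> ".join(chain + (name,)))
    entry = plistlib.loads(db[name])
    if entry.get("class") != "rule":
        return [(name, entry)]
    found = []
    for ref in entry.get("rule", []):
        found.extend(resolve(ref, db, chain + (name,)))
    return found

def admin_only(right, db):
    """Names of terminal user rules that a non-admin account cannot satisfy."""
    return [
        name
        for name, entry in resolve(right, db)
        if entry.get("class") == "user"
        and entry.get("group") == "admin"
        # Assumption: session-owner=true would let the logged-in user pass.
        and not entry.get("session-owner", False)
    ]

if __name__ == "__main__":
    for right in DB:
        blockers = admin_only(right, DB)
        print(right, "->", "admin group required via " + ", ".join(blockers)
              if blockers else "no admin group requirement found")
```
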
@SillySalamander This latest pull request should clear up the issue completely. Once approved we will post a new release and binaries.
Any news on a new release?
Just posted v1.6
Keychain minder is not accepting correct password in either forgot password or know password options.