I'm trying to override the default login/lock screen in OS X to allow the user to log in in some way other than providing a password (think fingerprint scanner or how "Knock to unlock" works), and I've been looking for a way to do it for hours now - all I found that looks useful is the Authorization Plugin ADC reference and this example: https://developer.apple.com/library/mac/samplecode/NameAndPassword/Introduction/Intro.html#//apple_ref/doc/uid/DTS10004022
This NameAndPassword Xcode project is a little outdated, but I managed to build it simply by specifying the Base SDK (there was a hardcoded wrong path), then I put the resulting .bundle file into the /Library/Security/SecurityAgentPlugins directory. Nothing changed after I locked my screen, but I know I need to add the authorization role to the /etc/authorization file, which I know no longer exists in Mavericks (there is this auth.db file and the whole auth API), so I'm stuck here - I don't know how to put NameAndPassword inside this database.
Please let me know how to do it right, or if you know some other way to achieve my goal.
I found a way to edit the database - at first, I tried direct /var/private/db/auth.db sqlite modifications, but it didn't work, so after some time I managed to do this more easily than I thought I would:
security authorizationdb read system.login.console > outfile.plist
After this, you need to modify the resulting outfile.plist as it says in the NullAuthPlugin readme:
<key>mechanisms</key>
<array>
<string>NameAndPassword:invoke</string>
(the last line is the one you need to add to the file).
Then, to save it to the database:
security authorizationdb write system.login.console < outfile.plist
Then the changes should be visible on any login/lock screen of your system, but be careful!
You will not be able to authenticate with the current version of the NameAndPassword example!
Be sure to establish a working SSH connection to your Mac before you modify the database, so you will be able to revert the changes using another device (just repeat the db modification process, but this time remove the line you added before).
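The edit and revert steps from the answer above, done on the exported plist with Python's plistlib instead of by hand; this is an added example, not part of the original post or of Apple's sample code. The function names, the constructed sample rule and the insert position (`index`) are assumptions; on a real system the input is the file produced by `security authorizationdb read` and the output is what gets passed to `security authorizationdb write`.

```python
import plistlib

MECH = "NameAndPassword:invoke"  # mechanism string given in the post

# Constructed sample standing in for outfile.plist; a real export of
# system.login.console has more keys and more mechanisms than this.
SAMPLE_RULE = plistlib.dumps({
    "class": "evaluate-mechanisms",
    "mechanisms": ["builtin:policy-banner", "loginwindow:login",
                   "builtin:authenticate,privileged", "loginwindow:done"],
})

def _mechanisms(rule):
    """Return the rule's mechanisms list or refuse to touch the rule."""
    mechs = rule.get("mechanisms")
    if not isinstance(mechs, list):
        raise ValueError("rule has no 'mechanisms' array; refusing to edit")
    return mechs

def add_mechanism(rule_bytes, mech=MECH, index=0):
    """Return (new_rule_bytes, changed). Idempotent: never adds a duplicate.
    index is an assumption; the post does not say where in the array it goes."""
    rule = plistlib.loads(rule_bytes)
    mechs = _mechanisms(rule)
    if mech in mechs:
        return rule_bytes, False
    mechs.insert(index, mech)
    return plistlib.dumps(rule), True

def remove_mechanism(rule_bytes, mech=MECH):
    """Revert step: drop every occurrence of mech, keep the rest in order."""
    rule = plistlib.loads(rule_bytes)
    mechs = _mechanisms(rule)
    kept = [m for m in mechs if m != mech]
    rule["mechanisms"] = kept
    return plistlib.dumps(rule), kept != mechs

def mechanism_diff(before_bytes, after_bytes):
    """Mechanisms added/removed between two exports, to confirm a revert."""
    before = _mechanisms(plistlib.loads(before_bytes))
    after = _mechanisms(plistlib.loads(after_bytes))
    return {"added": [m for m in after if m not in before],
            "removed": [m for m in before if m not in after]}

if __name__ == "__main__":
    edited, _ = add_mechanism(SAMPLE_RULE)
    print(mechanism_diff(SAMPLE_RULE, edited))
    reverted, _ = remove_mechanism(edited)
    print(mechanism_diff(SAMPLE_RULE, reverted))
```

Keeping the untouched export next to the edited one means `mechanism_diff` can confirm, over the SSH session, that the rule read back after a revert matches the original.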