Posted on 08-29-2019 02:35 AM
Dear community,
I'm looking for a command line to add in the script that would allow all applications to access this item on Keychain Access Control.
Posted on 08-29-2019 12:35 PM
The man page for the security add-generic-password command shows:
-A Allow any application to access this item without warning
Are you using the security add-generic-password command?
Posted on 09-02-2019 02:25 AM
@jleomcdo
Can you please help me with the full command? When I activate the proxy, 2 registrations (internet password) appear in the keychain, for which I want to allow all applications to access these items without any confirmation or other prompt.
Posted on 09-03-2019 05:53 AM
security add-internet-password -a USERNAME -l LABEL -s ps-bxl-usr.cec.eu.int -r http -P 8080 -A
-a is the Account Name or username
-l (lower L) is Label
-s is the Server address
-r is protocol
-A is Allow all to access
See if that works. You can run this command to see all the options "security add-internet-password help"
Posted on 09-03-2019 06:27 AM
Dear @jleomcdo, thanks a lot for your help!
I executed this command, but unfortunately it creates a new record and does not modify the existing ones. Upon opening the browser again, it asks me for a proxy and then creates the same records again.
Posted on 09-03-2019 07:32 AM
It's hit or miss in my experience with it, but you can try adding the -U flag to "update" the existing record. Relevant entry from the manpage that shows that flag toward the bottom:
add-internet-password [-h] [-a account] [-s server] [-w password] [options...] [keychain]
    Add an internet password item.
    -a account              Specify account name (required)
    -c creator              Specify item creator (optional four-character code)
    -C type                 Specify item type (optional four-character code)
    -d domain               Specify security domain string (optional)
    -D kind                 Specify kind (default is "application password")
    -j comment              Specify comment string (optional)
    -l label                Specify label (if omitted, service name is used as default label)
    -p path                 Specify path string (optional)
    -P port                 Specify port number (optional)
    -r protocol             Specify protocol (optional four-character SecProtocolType, e.g. "http", "ftp ")
    -s server               Specify server name (required)
    -t authenticationType   Specify authentication type (as a four-character SecAuthenticationType, default is "dflt")
    -w password             Specify password to be added. Put at end of command to be prompted (recommended)
    -A                      Allow any application to access this item without warning (insecure, not recommended!)
    -T appPath              Specify an application which may access this item (multiple -T options are allowed)
    -U                      Update item if it already exists (if omitted, the item cannot already exist)
Posted on 09-03-2019 10:06 AM
I forgot about the -U update flag. Good call.
I'd suggest that you open the record in the Keychain that is made by the browser and then compare that to the one you made with the command line. You might need to add / modify some of the fields, like "Label" or the protocol or add a port number. Play around with the "security add-internet-password" command and get it to make the keychain item exactly like the one that the browser makes. Once you can do that, then add the -U to your command. Then give it a try.
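Added example, not part of any post in this thread: the man page excerpt quoted above marks -A as insecure and lists -T as the per-application alternative, so this wrapper builds the same add-internet-password call with -U and one -T per application instead of -A. The function name add_proxy_item, the DRY_RUN switch, and every account, server, label and app path below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create or update a proxy internet-password item that only
# the named applications may read (-T), rather than every application (-A).

# usage: add_proxy_item ACCOUNT SERVER PORT LABEL APP_PATH [APP_PATH...]
add_proxy_item() {
    if [ "$#" -lt 5 ]; then
        echo "usage: add_proxy_item ACCOUNT SERVER PORT LABEL APP_PATH..." >&2
        return 2
    fi
    account=$1 server=$2 port=$3 label=$4
    shift 4

    # Reject a non-numeric port before it reaches the keychain item.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac

    # Rewrite the remaining arguments (app paths) as "-T path" pairs.
    # Using "$@" keeps paths with spaces intact.
    n=$#
    while [ "$n" -gt 0 ]; do
        app=$1
        shift
        case $app in
            /*) ;;
            *) echo "app path must be absolute: $app" >&2; return 2 ;;
        esac
        set -- "$@" -T "$app"
        n=$((n - 1))
    done

    # -U updates a matching item instead of failing on a duplicate.
    # -w is last and has no value, so security prompts for the password.
    set -- add-internet-password -a "$account" -s "$server" -r http \
        -P "$port" -l "$label" -U "$@" -w

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"    # one argument per line, for review
    else
        security "$@"
    fi
}

# Dry run with constructed values; unset DRY_RUN on a Mac to apply.
( DRY_RUN=1; add_proxy_item jdoe proxy.example.test 8080 "Corp proxy" \
    "/Applications/Safari.app" "/Applications/Google Chrome.app" )
```

As the reply above advises, the account, server, protocol, port and label have to match the item the browser created, otherwise -U has nothing to update and a second item is added.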
Posted on 07-30-2020 01:31 AM
Hi,
If I need to add the app to allow in the keychain cert's private key, what is the full command that I can use?
-T appPath Specify an application which may access this item
(multiple -T options are allowed)
Posted on 03-31-2022 08:59 PM
I don't think there is any way using security to do this after the key has been imported.