- Jamf Nation Community
- Products
- Jamf Pro
- script to modify keychain
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
script to modify keychain
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-17-2014 11:39 AM
Hi All,
I recently transitioned our imaging workflow from an OS packaged with composer to an installer created with autoDMG. I am using part of Rich Trouton's first run script to set up the WiFi. This results in the wifi being *almost* set up properly - it works everywhere except at the login window.
I installed 10.9.2 from the restore partition and found that the AirPort Network password keychain was granting access to /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/updatesprefs. I manually granted the AirPort keychain access to this application on one of my imaged machines and the wifi stays enabled at the login window.
Anybody familiar with the command line interface for modifying the keychain? I found some info on extracting passwords, but none on modifying access control.
Thanks in advance
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-17-2014 12:08 PM
I'm not certain if what you'd need to create is a generic keychain password or an internet password or something else entirely for this, but you should take a look at the manpage for "security"
As an example, when adding a generic password entry, these items are available to you-
add-generic-password [-h] [-a account] [-s service] [-w password]
[options...] [keychain]
Add a generic password item.
-a account Specify account name (required)
-c creator Specify item creator (optional four-character
code)
-C type Specify item type (optional four-character code)
-D kind Specify kind (default is "application password")
-G value Specify generic attribute value (optional)
-j comment Specify comment string (optional)
-l label Specify label (if omitted, service name is used as
default label)
-s service Specify service name (required)
-p password Specify password to be added (legacy option,
equivalent to -w)
-w password Specify password to be added
-A Allow any application to access this item without
warning (insecure, not recommended!)
-T appPath Specify an application which may access this item
(multiple -T options are allowed)
-U Update item if it already exists (if omitted, the
item cannot already exist)Specifically, the -T option which lets you specify an application that can access the keychain entry without asking for authorization, may be what you're after.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-05-2016 11:36 PM
Hey folks, this dropped on Reddit today. The security analyst appears to have found a private key hidden inside AOSKit (it works on any Mac), but the exploit works in large part because of user security fatigue, tricking the unsuspecting person into allowing the request into Keychain.
https://www.reddit.com/r/netsec/comments/5bbl9j/decrypting_icloud_authorization_tokens_on_macos/
This is why we can't have nice things.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-02-2019 05:45 AM
Hi,
Who can help me with script that could do this
Open Keychain Access.
- Find my internet password keychain
- Double-click, goto Acces Control tab.
- Select ‘Allow all applications to access this item’.
- Save the changes.
