I recently transitioned our imaging workflow from an OS packaged with composer to an installer created with autoDMG. I am using part of Rich Trouton's first run script to set up the WiFi. This results in the wifi being *almost* set up properly - it works everywhere except at the login window.
I installed 10.9.2 from the restore partition and found that the AirPort Network password keychain was granting access to /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/updatesprefs. I manually granted the AirPort keychain access to this application on one of my imaged machines and the wifi stays enabled at the login window.
Anybody familiar with the command line interface for modifying the keychain? I found some info on extracting passwords, but none on modifying access control.
Thanks in advance
I'm not certain if what you'd need to create is a generic keychain password or an internet password or something else entirely for this, but you should take a look at the manpage for "security"
As an example, when adding a generic password entry, these items are available to you-
add-generic-password [-h] [-a account] [-s service] [-w password] [options...] [keychain] Add a generic password item. -a account Specify account name (required) -c creator Specify item creator (optional four-character code) -C type Specify item type (optional four-character code) -D kind Specify kind (default is "application password") -G value Specify generic attribute value (optional) -j comment Specify comment string (optional) -l label Specify label (if omitted, service name is used as default label) -s service Specify service name (required) -p password Specify password to be added (legacy option, equivalent to -w) -w password Specify password to be added -A Allow any application to access this item without warning (insecure, not recommended!) -T appPath Specify an application which may access this item (multiple -T options are allowed) -U Update item if it already exists (if omitted, the item cannot already exist)
Specifically, the -T option which lets you specify an application that can access the keychain entry without asking for authorization, may be what you're after.
Hey folks, this dropped on Reddit today. The security analyst appears to have found a private key hidden inside AOSKit (it works on any Mac), but the exploit works in large part because of user security fatigue, tricking the unsuspecting person into allowing the request into Keychain.
This is why we can't have nice things.