[launchd-dev] launchd & launchctl Aqua session type on OSX Tiger
James Mead
james at floehopper.org
Mon Oct 12 07:41:06 PDT 2009
Grant Erickson wrote:
> On 10/9/09 7:00 AM, launchd-dev-request at lists.macosforge.org wrote:
>> I have a script which I can successfully schedule on OSX Leopard
>> as follows :-
>>
>> launchctl load -w -S Aqua com.floehopper.script
>>
>> Apparently I need the Aqua session type because the script accesses the
>> keychain using the SecKeychainFindGenericPassword function. If I don't
>> set the session type to Aqua, I get an errSecInteractionNotAllowed
>> "Interaction with the Security Server is not allowed" error (-25308).
>>
>> However, I also want to schedule the script on OSX Tiger, but the
>> session type -S option is not available for launchctl.
>>
>> I've tried calling the SecKeychainSetUserInteractionAllowed function
>> with the state parameter set to false, but then I end up with an
>> errSecAuthFailed "Authorization/Authentication failed" error (-25293).
>>
>> Does anyone have any ideas how I might get this working on OSX Tiger?
>
> James:
>
> I'd recommend you read:
>
> http://developer.apple.com/mac/library/technotes/tn2005/tn2083.html
>
> LaunchAgents are, unfortunately, DOA (dead on arrival) in Tiger.

Hi Grant,

Thanks for your reply. I've read the Apple technical note, but I'm a
little confused. I want to use my Launch Agent as a scheduled task, not
as something that happens at login. Also I only want to support systems
where a single user is logging in via the GUI and not via ssh. The
warning below seems to imply that I should not have any problems. Or am
I missing something?

> WARNING: Prior to Mac OS X 10.5, launchd agents were not particularly
> useful because there was no way for the agent to specify the type of
> login session that the agent required (r. 4255854). Thus, you
> couldn't use a launchd agent as the equivalent of a global login item
> because it might be launched in the context of non-GUI login session.
> Mac OS X 10.5 has addressed this limitation, as described below.
> However, if you have to support older systems, you should investigate
> some of the alternative technologies described in Deprecated Daemonomicon.

Also even in Leopard, I found I needed to set the session type to Aqua,
whereas the technical note implies that the session type should default
to Aqua.

> To run your agent in a particular session type, use the session type
> strings from Table 1 as the value of the LimitLoadToSessionType
> property in your agent's property list file. If you want to run in
> more than one session type, you can set LimitLoadToSessionType to an
> array, where each element is a session type string. If you don't
> specify the LimitLoadToSessionType property, launchd assumes a value
> of Aqua.

I have to admit I don't really understand why I need to set the session
type to Aqua to access the keychain programmatically in the first place!

Regards, James.
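
As an added example (not part of the original message or of Apple's technical note), the following Python reads a launchd agent's property list and applies the rule quoted above: LimitLoadToSessionType may be a string or an array of strings, and Aqua is assumed when the key is absent. The sample plist is constructed; its Label and session type come from the thread, while the program path and the StartInterval value are assumptions.

```python
import plistlib

DEFAULT_SESSION = "Aqua"  # value the quoted technical note says launchd assumes

# Constructed sample agent plist. Label and session type are taken from the
# thread; the program path and StartInterval value are hypothetical.
SAMPLE_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.floehopper.script</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/example/bin/script</string>
    </array>
    <key>StartInterval</key>
    <integer>3600</integer>
    <key>LimitLoadToSessionType</key>
    <string>Aqua</string>
</dict>
</plist>
"""


def session_types(plist_bytes):
    """Return the session types an agent declares, as a sorted list."""
    job = plistlib.loads(plist_bytes)
    value = job.get("LimitLoadToSessionType")
    if value is None:
        # Key absent: apply the documented default.
        return [DEFAULT_SESSION]
    if isinstance(value, str):
        return [value]
    if isinstance(value, list) and value and all(isinstance(v, str) for v in value):
        return sorted(set(value))
    raise ValueError("LimitLoadToSessionType must be a string or an array of strings")


def loads_outside_gui(plist_bytes):
    """True if the agent declares any session type other than Aqua.

    Such an agent can be loaded where keychain calls that need user
    interaction fail, as with the errSecInteractionNotAllowed error above.
    """
    return any(t != "Aqua" for t in session_types(plist_bytes))
```
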