[Tokend-Dev] Displaying a GUI from tokend
Francois-Eric Guyomarch
fguyomarch at hidglobal.com
Mon Jun 29 01:39:21 PDT 2015
Our tokend supports a PIN caching mechanism. On PIN caching expiry the
user must be re-prompted for his/her PIN. We are currently unable to
display a GUI from the tokend. This results in freeze or crash.
We have tried several different approaches including:
On PIN caching expiry trying to force the tokend to reload the ACL so we
can change the ACL on the PIN object to PwdPromptSubject so as to
trigger a prompt by the caller. This fails as it looks like there is no
way to change the ACLs on the PIN during the tokend lifecycle.
Invoking a different component (that would prompt for the GUI) from the
tokend . The IPC mechanism using standard MACOS XPC. We have tried the
following components:
XPC service
Launch Agent
Daemon.
In all cases the tokend either fails to connect to the external
component and/ or the external component can't display a GUI either.
Our analysis is that the security context of the tokend prevents any
possible architecture that would allow to prompt for a GUI. We'd like to
confirm that statement.
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/tokend-dev/attachments/20150629/1ace423a/attachment.html>
More information about the Tokend-Dev
mailing list