04-25-2004, 06:27 PM

I posted this in the OS area, but I think this is aslo a forum this should be in.

I am attempting to write a script that (when run only by root) will be able
to create a user with a password. Now this dosent seem hard, except that
the creation has to be done with out interaction from the user. Hence the
command 'passwd ' is out. So I found that in

Code:

/private/usr/db/shadow/hash/gnereateduid

is where the password is stored. I am wondering how to generate that
password. In the netInfo database if

passwod_authentication is set to ;Basic;
then a htpasswd -nb passwordhere

stored in the passwd field works. And as I have heard this is the standard
for pre 10.3 versions of X. But 10.3 now allows the ;ShadowHash; option
for authentication. And I am wondering how to generate that
ShadowHash'd password.

Any help would be awesome, even if it's "I dont know at all" would be cool.

Thanks

--
Dave Walker

04-25-2004, 06:54 PM

I'm firstly wondering why you want to have a script to create a user - are you just trying to automate the process to skip steps? The creation of a password by script would have to be a string generator, I would think. Seems a bit of a bother for an app rarely used

04-26-2004, 09:38 AM

The purpose is to have a - root level - account on all the machines with different passwords. So in the event we need to go to a user, and they forget their administration password, we always have a user to fall back on (via the install cd to reset the password). The password is got via a perl script that genereates a random 64 character password.

The purpose to the password, is that each admin account has a different unknown password, so in the event someone found it, or hacked it.. it would be for that machine, and only for 1 day.

04-26-2004, 02:13 PM

There is a similar back up password in file vault

04-27-2004, 09:26 AM

I do not believe what I am looking to do is for file vault. I am not trying to protect the home directory. I am trying to create a seprate entity in the NI database.

04-27-2004, 01:53 PM

You mean like a new user with low level permissions?

04-29-2004, 02:12 AM

Yes, I want to create a new user, via the command line. And be able to
set that users password with out being prompted/have any interaction
from the end user.

Dave

04-29-2004, 01:23 PM

This can be done - from an article I found:
#!/bin/sh
if [[ -z $1 ]]; then
# robg note: Please enter the next two lines as one without
# any spaces between the "/" and the "R"
/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/
Resources/CGSession -suspend
else
USERID=`id -u $1`;
if [[ -z $USERID ]]; then
exit -1;
fi;
# robg note: Please enter the next two lines as one without
# any spaces between the "/" and the "R"
/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/
Resources/CGSession -switchToUserID $USERID
fi;
hope this helps!

04-29-2004, 06:26 PM

no i am not looking for fast user switching, via the command line. I am just looking to set a users password via the command line, with out anyone interacting with that password.

I looked through the passwd source, and see that there are calls to ni_* but the ni_* functions do not seem to be available (Apple code???) I did this to see if i could take out the new password: and re-enter new password promompts, and just add another command line argument that passwd would take... ex: passwd user password and it would set that users password with password, and not prompt for anything.

04-29-2004, 07:28 PM

So what you need is to be able in interpret the password un hashed in the CLI?

04-30-2004, 03:15 AM

use sudo chpass -a

You asked about the 10.3 hash... how it's generated...
The first 64 chars are NTLM MD4 hash, used for File sharing (samba)
The remaining 40 chars are SHA1 hash.
Not that it's related to your question, since if I understand your question correctly, chpass should do it for you.

04-30-2004, 09:35 AM

Alright, that is almost what I am looking for (if those are the right specs). chpass dosent quite do what i am looking for, or it dosent look like it does. I guess that is good enough help. Now to figure out how to generate the NTLM MD4. openssl takes care of the sha1.

04-30-2004, 11:32 PM

If you find out something more about root access and control of user/password from the CLI, I would very much appreciate a post

11-08-2004, 10:19 AM

Hello,

this script creates a password on the commandline, however you have to use 'expect' to create the password via:
passwd -i netinfo username

You can either run directly an expect script or wrap it with zsh...

I pass the parameters via the command line
------ start script
#!/bin/zsh
username=$1
password=$2

expect<<EOF
spawn "passwd -i netinfo" $username
expect "ssword:"
send $password\r
expect "ssword:"
send $password\r
expect eof
EOF
------ end script

Hope that helps... I lost about 2 days to find this out....

Best M.