New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
OS X - Development and Darwin Discussion and questions about development for Mac OS X.

NetInfo and password creation


Post Reply New Thread Subscribe

 
Thread Tools
azrail
Guest
 
Posts: n/a

I posted this in the OS area, but I think this is aslo a forum this should be in.

I am attempting to write a script that (when run only by root) will be able
to create a user with a password. Now this dosent seem hard, except that
the creation has to be done with out interaction from the user. Hence the
command 'passwd ' is out. So I found that in
Code:
/private/usr/db/shadow/hash/gnereateduid
is where the password is stored. I am wondering how to generate that
password. In the netInfo database if

passwod_authentication is set to ;Basic;
then a htpasswd -nb passwordhere

stored in the passwd field works. And as I have heard this is the standard
for pre 10.3 versions of X. But 10.3 now allows the ;ShadowHash; option
for authentication. And I am wondering how to generate that
ShadowHash'd password.

Any help would be awesome, even if it's "I dont know at all" would be cool.

Thanks

--
Dave Walker
QUOTE Thanks
witeshark

 
witeshark's Avatar
 
Member Since: Mar 09, 2004
Location: Miami FL
Posts: 2,860
witeshark will become famous soon enough
Mac Specs: G4 1Ghz OS X 10.4.7

witeshark is offline
I'm firstly wondering why you want to have a script to create a user - are you just trying to automate the process to skip steps? The creation of a password by script would have to be a string generator, I would think. Seems a bit of a bother for an app rarely used
QUOTE Thanks
azrail
Guest
 
Posts: n/a

The purpose is to have a - root level - account on all the machines with different passwords. So in the event we need to go to a user, and they forget their administration password, we always have a user to fall back on (via the install cd to reset the password). The password is got via a perl script that genereates a random 64 character password.

The purpose to the password, is that each admin account has a different unknown password, so in the event someone found it, or hacked it.. it would be for that machine, and only for 1 day.
QUOTE Thanks
witeshark

 
witeshark's Avatar
 
Member Since: Mar 09, 2004
Location: Miami FL
Posts: 2,860
witeshark will become famous soon enough
Mac Specs: G4 1Ghz OS X 10.4.7

witeshark is offline
There is a similar back up password in file vault
QUOTE Thanks
azrail
Guest
 
Posts: n/a

I do not believe what I am looking to do is for file vault. I am not trying to protect the home directory. I am trying to create a seprate entity in the NI database.
QUOTE Thanks
witeshark

 
witeshark's Avatar
 
Member Since: Mar 09, 2004
Location: Miami FL
Posts: 2,860
witeshark will become famous soon enough
Mac Specs: G4 1Ghz OS X 10.4.7

witeshark is offline
You mean like a new user with low level permissions?
QUOTE Thanks
azrail
Guest
 
Posts: n/a

Yes, I want to create a new user, via the command line. And be able to
set that users password with out being prompted/have any interaction
from the end user.

Dave
QUOTE Thanks
witeshark

 
witeshark's Avatar
 
Member Since: Mar 09, 2004
Location: Miami FL
Posts: 2,860
witeshark will become famous soon enough
Mac Specs: G4 1Ghz OS X 10.4.7

witeshark is offline
This can be done - from an article I found:
#!/bin/sh
if [[ -z $1 ]]; then
# robg note: Please enter the next two lines as one without
# any spaces between the "/" and the "R"
/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/
Resources/CGSession -suspend
else
USERID=`id -u $1`;
if [[ -z $USERID ]]; then
exit -1;
fi;
# robg note: Please enter the next two lines as one without
# any spaces between the "/" and the "R"
/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/
Resources/CGSession -switchToUserID $USERID
fi;
hope this helps!
QUOTE Thanks
azrail
Guest
 
Posts: n/a

no i am not looking for fast user switching, via the command line. I am just looking to set a users password via the command line, with out anyone interacting with that password.

I looked through the passwd source, and see that there are calls to ni_* but the ni_* functions do not seem to be available (Apple code???) I did this to see if i could take out the new password: and re-enter new password promompts, and just add another command line argument that passwd would take... ex: passwd user password and it would set that users password with password, and not prompt for anything.
QUOTE Thanks
witeshark

 
witeshark's Avatar
 
Member Since: Mar 09, 2004
Location: Miami FL
Posts: 2,860
witeshark will become famous soon enough
Mac Specs: G4 1Ghz OS X 10.4.7

witeshark is offline
So what you need is to be able in interpret the password un hashed in the CLI?
QUOTE Thanks
dr_springfield
Guest
 
Posts: n/a

use sudo chpass -a

You asked about the 10.3 hash... how it's generated...
The first 64 chars are NTLM MD4 hash, used for File sharing (samba)
The remaining 40 chars are SHA1 hash.
Not that it's related to your question, since if I understand your question correctly, chpass should do it for you.
QUOTE Thanks
azrail
Guest
 
Posts: n/a

Alright, that is almost what I am looking for (if those are the right specs). chpass dosent quite do what i am looking for, or it dosent look like it does. I guess that is good enough help. Now to figure out how to generate the NTLM MD4. openssl takes care of the sha1.
QUOTE Thanks
witeshark

 
witeshark's Avatar
 
Member Since: Mar 09, 2004
Location: Miami FL
Posts: 2,860
witeshark will become famous soon enough
Mac Specs: G4 1Ghz OS X 10.4.7

witeshark is offline
If you find out something more about root access and control of user/password from the CLI, I would very much appreciate a post
QUOTE Thanks
mhaury
Guest
 
Posts: n/a

Hello,

this script creates a password on the commandline, however you have to use 'expect' to create the password via:
passwd -i netinfo username

You can either run directly an expect script or wrap it with zsh...

I pass the parameters via the command line
------ start script
#!/bin/zsh
username=$1
password=$2

expect<<EOF
spawn "passwd -i netinfo" $username
expect "ssword:"
send $password\r
expect "ssword:"
send $password\r
expect eof
EOF
------ end script

Hope that helps... I lost about 2 days to find this out....

Best M.
QUOTE Thanks

Post Reply New Thread Subscribe


« [ANN] New comprehensive AppleScript book | Good DASM prog for osx? »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

All times are GMT -4. The time now is 06:41 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?