NetInfo and password creation

A

azrail

Guest
I posted this in the OS area, but I think this is aslo a forum this should be in.

I am attempting to write a script that (when run only by root) will be able
to create a user with a password. Now this dosent seem hard, except that
the creation has to be done with out interaction from the user. Hence the
command 'passwd ' is out. So I found that in
Code:
/private/usr/db/shadow/hash/gnereateduid
is where the password is stored. I am wondering how to generate that
password. In the netInfo database if

passwod_authentication is set to ;Basic;
then a htpasswd -nb passwordhere

stored in the passwd field works. And as I have heard this is the standard
for pre 10.3 versions of X. But 10.3 now allows the ;ShadowHash; option
for authentication. And I am wondering how to generate that
ShadowHash'd password.

Any help would be awesome, even if it's "I dont know at all" would be cool.

Thanks

--
Dave Walker
 
Joined
Mar 9, 2004
Messages
2,860
Reaction score
21
Points
38
Location
Miami FL
Your Mac's Specs
G4 1Ghz OS X 10.4.7
I'm firstly wondering why you want to have a script to create a user - are you just trying to automate the process to skip steps? The creation of a password by script would have to be a string generator, I would think. Seems a bit of a bother for an app rarely used
 
OP
A

azrail

Guest
The purpose is to have a - root level - account on all the machines with different passwords. So in the event we need to go to a user, and they forget their administration password, we always have a user to fall back on (via the install cd to reset the password). The password is got via a perl script that genereates a random 64 character password.

The purpose to the password, is that each admin account has a different unknown password, so in the event someone found it, or hacked it.. it would be for that machine, and only for 1 day.
 
Joined
Mar 9, 2004
Messages
2,860
Reaction score
21
Points
38
Location
Miami FL
Your Mac's Specs
G4 1Ghz OS X 10.4.7
There is a similar back up password in file vault
 
OP
A

azrail

Guest
I do not believe what I am looking to do is for file vault. I am not trying to protect the home directory. I am trying to create a seprate entity in the NI database.
 
Joined
Mar 9, 2004
Messages
2,860
Reaction score
21
Points
38
Location
Miami FL
Your Mac's Specs
G4 1Ghz OS X 10.4.7
You mean like a new user with low level permissions?
 
OP
A

azrail

Guest
Yes, I want to create a new user, via the command line. And be able to
set that users password with out being prompted/have any interaction
from the end user.

Dave
 
Joined
Mar 9, 2004
Messages
2,860
Reaction score
21
Points
38
Location
Miami FL
Your Mac's Specs
G4 1Ghz OS X 10.4.7
This can be done - from an article I found:
#!/bin/sh
if [[ -z $1 ]]; then
# robg note: Please enter the next two lines as one without
# any spaces between the "/" and the "R"
/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/
Resources/CGSession -suspend
else
USERID=`id -u $1`;
if [[ -z $USERID ]]; then
exit -1;
fi;
# robg note: Please enter the next two lines as one without
# any spaces between the "/" and the "R"
/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/
Resources/CGSession -switchToUserID $USERID
fi;
hope this helps!
 
OP
A

azrail

Guest
no i am not looking for fast user switching, via the command line. I am just looking to set a users password via the command line, with out anyone interacting with that password.

I looked through the passwd source, and see that there are calls to ni_* but the ni_* functions do not seem to be available (Apple code???) I did this to see if i could take out the new password: and re-enter new password promompts, and just add another command line argument that passwd would take... ex: passwd user password and it would set that users password with password, and not prompt for anything.
 
Joined
Mar 9, 2004
Messages
2,860
Reaction score
21
Points
38
Location
Miami FL
Your Mac's Specs
G4 1Ghz OS X 10.4.7
So what you need is to be able in interpret the password un hashed in the CLI?
 
OP
D

dr_springfield

Guest
use sudo chpass -a

You asked about the 10.3 hash... how it's generated...
The first 64 chars are NTLM MD4 hash, used for File sharing (samba)
The remaining 40 chars are SHA1 hash.
Not that it's related to your question, since if I understand your question correctly, chpass should do it for you.
 
OP
A

azrail

Guest
Alright, that is almost what I am looking for (if those are the right specs). chpass dosent quite do what i am looking for, or it dosent look like it does. I guess that is good enough help. Now to figure out how to generate the NTLM MD4. openssl takes care of the sha1.
 
Joined
Mar 9, 2004
Messages
2,860
Reaction score
21
Points
38
Location
Miami FL
Your Mac's Specs
G4 1Ghz OS X 10.4.7
If you find out something more about root access and control of user/password from the CLI, I would very much appreciate a post :)
 
OP
M

mhaury

Guest
OSX 10.3 Password on CommandLine - A Solution

Hello,

this script creates a password on the commandline, however you have to use 'expect' to create the password via:
passwd -i netinfo username

You can either run directly an expect script or wrap it with zsh...

I pass the parameters via the command line
------ start script
#!/bin/zsh
username=$1
password=$2

expect<<EOF
spawn "passwd -i netinfo" $username
expect "ssword:"
send $password\r
expect "ssword:"
send $password\r
expect eof
EOF
------ end script

Hope that helps... I lost about 2 days to find this out....

Best M.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top