• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: List of accounts
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: List of accounts

  • Subject: Re: List of accounts
  • From: Paul Nelson <email@hidden>
  • Date: Wed, 19 Aug 2009 16:07:10 -0500
  • Thread-topic: List of accounts
Thursby's ADmitMac product will return AuthenticationAuthority for Active
Directory accounts (it also will return every last one, not just the first
1000).

If you want just local accounts that can log in, use
    dscl /Local/Default -search Users PrimaryGroupID 20


> From: Tim Murison <email@hidden>
> Date: Wed, 19 Aug 2009 16:41:52 -0400
> To: darwin dev <email@hidden>
> Subject: Re: List of accounts
>
>> This will work to an extent, but it's worth bearing in mind that if
>> you're connected to a directory service like Active Directory, you'll
>> only get the first 1000 users back (for some definition of 'first')
>> out of potentially a lot more.
>
> I'm only interested in local system accounts... At least at the moment.
>
>> You possibly also want to take into account (doubtless among other
>> things) the contents of the com.apple.access_ssh and
>> com.apple.acess_loginwindow groups, the contents of /etc/sshd_config
>> and the status of the user's password (with regard to policy), all of
>> which can affect whether a user can log in.
>>
>> If you want to be accurate, it's a tricky one!
>
> It seems that dscl . -list Users AuthenticationAuthority will only show the
> accounts that I can login to.
>
> Is it safe to say that only users with an AuthenticationAuthority attribute
> can login to the system (be it remotely or with GUI)? Is it likely that an
> application that creates its own users would give them this attribute? I'm
> guessing not since neither the www or mysql users have it.
>
> -Tim
>
>
>
> ***********************************************************************
>
> This e-mail and its attachments are confidential, legally privileged, may be
> subject to copyright and sent solely for the attention of the addressee(s).
> Any unauthorized use or disclosure is prohibited. Statements and opinions
> expressed in this e-mail may not represent those of Radialpoint.
>
> Le contenu de ce courriel est confidentiel, privilégié et peut être soumis à
> des droits d'auteur. Il est envoyé à l'intention exclusive de son ou de ses
> destinataires. Il est interdit de l'utiliser ou de le divulguer sans
> autorisation. Les opinions exprimées dans le présent courriel peuvent diverger
> de celles de Radialpoint.
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Darwin-dev mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: List of accounts
      • From: Tim Murison <email@hidden>
References: 
 >Re: List of accounts (From: Tim Murison <email@hidden>)

  • Prev by Date: Re: List of accounts
  • Next by Date: Re: 64-bit Mac OS X kernel
  • Previous by thread: Re: List of accounts
  • Next by thread: Re: List of accounts
  • Index(es):
    • Date
    • Thread