
Re: List of accounts


  • Subject: Re: List of accounts
  • From: Axel Luttgens <email@hidden>
  • Date: Thu, 20 Aug 2009 23:26:23 +0200

On 20 Aug 09 at 16:00, Tim Murison wrote:

>> If you want just local accounts that can log in, use
>>    dscl /Local/Default -search Users PrimaryGroupID 20
>
> Thanks for the suggestion.
>
> Does the system require that a user be a member of the gid=20 ("Users")
> group to log in? [...]

No. That would be too easy... ;-)


> I guess the crux of my question would be, is this what
> Apple uses to populate the accounts system preferences dialog?

The real question is: what do you mean by "being able to log in"?

For example, you asked about the AuthenticationAuthority attribute.
Even without such an attribute in his record, a user might be able to authenticate: when absent, the AuthenticationAuthority attribute defaults to "Basic". A basic authentication scheme means that the user's password is expected to be stored as a traditional unix salted-encrypted into the Password attribute of the user's record.
On the other hand, a user's account may be disabled with the appearance of a "Disabled" value in the AuthenticationAuthority attribute; but an account may also be disabled through the Password Server, should that account be governed by the Password Server.


Now come the conventions traditionally adopted by the various services.
For example, for being able to open a ftp session, the user's shell must appear in /etc/shells.
On the other hand, an ssh session could be opened with the help of a public key.


Then come the restrictions implemented by Apple's conventions.
As Geoff already wrote, depending on the server's settings, a user may be required to belong to certain groups (com.apple.access_ssh, com.apple.access_loginwindow...) so as to be able to access certain services.


Finally, there are those services that just don't go through the system and create their own users and manage authentication according to their own rules. As you already noticed, a MySQL user is ... a MySQL user, and the system doesn't know anything about that user. The same way, Postfix may handle its own users, and they don't need to appear in some kind of system directory.

Given all those possibilities, does your original question still hold?
As a reminder: "I'm trying to determine how to get a list of BSD user ids that can login to the machine, either with a GUI or via ssh".


HTH,
Axel
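
An added illustration, not part of the message above or of the list archive: the sketch applies the per-service checks the message enumerates (AuthenticationAuthority default and "Disabled" value, /etc/shells for ftp, access groups for ssh and the login window) to constructed directory records. Assumptions: an access group that is not defined imposes no restriction, a "Disabled" value closes every service, and all function names and sample values are hypothetical.

```python
# Added example; the records, groups and shell list are constructed sample data.
VALID_SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}  # stand-in for /etc/shells

def login_paths(rec, groups, shells=VALID_SHELLS):
    """Map each service to 'no', 'possible' or 'check Password Server'.

    rec: attribute name -> list of values, as read from a user record.
    groups: group name -> set of member short names. Assumption: an access
    group missing from this dict means no restriction is configured.
    """
    name = rec["RecordName"][0]
    # An absent AuthenticationAuthority defaults to "Basic".
    auth = rec.get("AuthenticationAuthority") or ["Basic"]
    disabled = any("Disabled" in value for value in auth)
    # Password Server may disable an account without touching the record.
    pws = any("ApplePasswordServer" in value for value in auth)
    shell_ok = rec.get("UserShell", [""])[0] in shells

    def allowed(group):
        return group not in groups or name in groups[group]

    def verdict(ok):
        if disabled or not ok:
            return "no"
        return "check Password Server" if pws else "possible"

    return {
        "loginwindow": verdict(allowed("com.apple.access_loginwindow")),
        "ssh": verdict(allowed("com.apple.access_ssh")),  # password or public key
        "ftp": verdict(shell_ok),  # shell must be listed in /etc/shells
    }

def audit(users, groups):
    return {u["RecordName"][0]: login_paths(u, groups) for u in users}

SAMPLE_GROUPS = {"com.apple.access_ssh": {"alice", "dave"}}
SAMPLE_USERS = [
    {"RecordName": ["alice"], "UserShell": ["/bin/bash"],
     "AuthenticationAuthority": [";ShadowHash;"]},
    {"RecordName": ["bob"], "UserShell": ["/usr/bin/false"]},
    {"RecordName": ["carol"], "UserShell": ["/bin/bash"],
     "AuthenticationAuthority": [";ShadowHash;", ";DisabledUser;"]},
    {"RecordName": ["dave"], "UserShell": ["/bin/zsh"],
     "AuthenticationAuthority": [";ApplePasswordServer;constructed-id"]},
]

if __name__ == "__main__":
    for user, paths in audit(SAMPLE_USERS, SAMPLE_GROUPS).items():
        print(user, paths)
```

Services that keep their own user store (the MySQL and Postfix cases in the message) are outside what any directory record can show, so they do not appear in the result.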
