Re: Administrator password
- Subject: Re: Administrator password
- From: Terry Lambert <email@hidden>
- Date: Tue, 14 Nov 2006 00:32:12 -0800
On Nov 13, 2006, at 9:08 PM, Jerry Krinock wrote:
> on 06/11/10 20:05, Dan Shoop at email@hidden wrote:
>> First you might check to verify that they gave you an admin user by
>> checking to see if it's a member of the admin group.
>> Next you can check that the password they gave you is correct with
>> `chkpasswd`; see its man page.
>
> The second part (chkpasswd) is easy. Although, as Terry pointed out,
> chkpasswd asks for the password interactively, in a program I can pipe the
> password to std in, and it works perfectly: It returns 0 if the password is
> correct, 1 otherwise.
>
> But the first part, getting a list of system admins, has me stumped. I
> can see what I want by launching NetInfo Manager. A window named
> "local@localhost" opens and shows me a database browser. If I browse to
> groups > admin > users, I see exactly what I want: A list of all the admin
> users on my Mac!!
>
> But how can I get this list on the command line? Hint: NetInfo Manager is
> probably a GUI for some command-line program or it reads a database file,
> right? Maybe something to do with netinfod and /etc/netinfo, but where is
> the door to get in there?

There are a couple of ways to do this.
The most correct method to enumerate group membership is to call
getgrnam() to enumerate the group "admin".
From the command line, you can also use:
nidump group . | grep \^admin:
However, I recommend against using the command line approach; if you
call getgrnam(), then you are guaranteed to work whether or not you
are using netinfo or Apple Directory, NIS, NIS+, Active Directory, or
some other directory services.
Be aware that some directory services do not permit enumeration of
group members, or support the concept of a group being a member of a
group; if that is the case, then it may not be possible to get a
complete answer when you ask the question "who are the admin users?".
In general, you won't need an enumeration of groups anyway, since you
should specifically be using pam_start(3) with a pointer to your
conversation function, followed by pam_authenticate(3) to do the
authentication.
You really ought to be looking at login.c from the project
system_cmds. This is downloadable from the Darwin sources, which can
be accessed via <http://opensource.apple.com> using your registered
developer login.
There's also some good documentation on proper use of the PAM API at:
<http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_ADG.html>
-- Terry