site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Thread-index: AcohDXtGbWFzwv9F6kK3zREJ/ln5tAAA4jOc Thread-topic: List of accounts User-agent: Microsoft-Entourage/12.14.0.081024 Thursby's ADmitMac product will return AuthenticationAuthority for Active Directory accounts (it also will return every last one, not just the first 1000). If you want just local accounts that can log in, use dscl /Local/Default -search Users PrimaryGroupID 20
From: Tim Murison <tim.murison@radialpoint.com> Date: Wed, 19 Aug 2009 16:41:52 -0400 To: darwin dev <darwin-dev@lists.apple.com> Subject: Re: List of accounts
This will work to an extent, but it's worth bearing in mind that if you're connected to a directory service like Active Directory, you'll only get the first 1000 users back (for some definition of 'first') out of potentially a lot more.
I'm only interested in local system accounts... At least at the moment.
You possibly also want to take into account (doubtless among other things) the contents of the com.apple.access_ssh and com.apple.acess_loginwindow groups, the contents of /etc/sshd_config and the status of the user's password (with regard to policy), all of which can affect whether a user can log in.
If you want to be accurate, it's a tricky one!
It seems that dscl . -list Users AuthenticationAuthority will only show the accounts that I can login to.
Is it safe to say that only users with an AuthenticationAuthority attribute can login to the system (be it remotely or with GUI)? Is it likely that an application that creates its own users would give them this attribute? I'm guessing not since neither the www or mysql users have it.
-Tim
***********************************************************************
This e-mail and its attachments are confidential, legally privileged, may be subject to copyright and sent solely for the attention of the addressee(s). Any unauthorized use or disclosure is prohibited. Statements and opinions expressed in this e-mail may not represent those of Radialpoint.
Le contenu de ce courriel est confidentiel, privilégié et peut être soumis à des droits d'auteur. Il est envoyé à l'intention exclusive de son ou de ses destinataires. Il est interdit de l'utiliser ou de le divulguer sans autorisation. Les opinions exprimées dans le présent courriel peuvent diverger de celles de Radialpoint. _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/nelson%40thursby.com
This email sent to nelson@thursby.com
_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com