On Nov 13, 2006, at 9:08 PM, Jerry Krinock wrote:
> on 06/11/10 20:05, Dan Shoop at shoop@iwiring.net wrote:
>> First you might check to verify that they gave you an admin user by checking to see if it's a member of the admin group. Next you can check that the password they gave you is correct with `chkpasswd`; see its man page.
>
> The second part (chkpasswd) is easy. Although, as Terry pointed out, chkpasswd asks for the password interactively, in a program I can pipe the password to stdin, and it works perfectly: It returns 0 if the password is correct, 1 otherwise.
>
> But the first part, getting a list of system admins, has me stumped. I can see what I want by launching NetInfo Manager. A window named "local@localhost" opens and shows me a database browser. If I browse to groups > admin > users, I see exactly what I want: A list of all the admin users on my Mac!! But how can I get this list on the command line?
>
> Hint: NetInfo Manager is probably a GUI for some command-line program or it reads a database file, right? Maybe something to do with netinfod and /etc/netinfo, but where is the door to get in there?

There are a couple of ways to do this.

The most correct method to enumerate group membership is to call getgrnam() to enumerate the group "admin".

From the command line, you can also use:

    nidump group . | grep \^admin:

However, I recommend against using the command line approach; if you call getgrnam(), then you are guaranteed to work whether or not you are using netinfo or Apple Directory, NIS, NIS+, Active Directory, or some other directory services.

Be aware that some directory services do not permit enumeration of group members, or support the concept of a group being a member of a group; if that is the case, then it may not be possible to get a complete answer when you ask the question "who are the admin users?".

In general, you won't need an enumeration of groups anyway, since you should specifically be using pam_start(3) with a pointer to your conversation function, followed by pam_authenticate(3) to do the authentication.

You really ought to be looking at login.c from the project system_cmds. This is downloadable from the Darwin sources, which can be accessed via <http://opensource.apple.com> using your registered developer login.

There's also some good documentation on proper use of the PAM API at:

<http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_ADG.html>

-- Terry

Darwin-kernel mailing list (Darwin-kernel@lists.apple.com)
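The getgrnam() lookup recommended above, as an added example that is not part of the original thread or of Apple's login.c. The helper names member_listed and user_in_group are assumptions, and the primary-group check via getpwnam() goes beyond what the message describes.

```c
/* Added example; helper names are hypothetical, not from login.c. */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Scan a NULL-terminated member list such as struct group's gr_mem. */
int member_listed(char *const *members, const char *user)
{
    if (members == NULL)
        return 0;
    for (; *members != NULL; members++)
        if (strcmp(*members, user) == 0)
            return 1;
    return 0;
}

/* 1 = member, 0 = not listed, -1 = group unknown to the directory service.
 * A 0 is only as complete as the service's answer (no nested groups here). */
int user_in_group(const char *user, const char *group)
{
    struct group *gr = getgrnam(group);
    if (gr == NULL)
        return -1;
    if (member_listed(gr->gr_mem, user))
        return 1;
    gid_t gid = gr->gr_gid;            /* save before the next lookup */
    struct passwd *pw = getpwnam(user);
    /* gr_mem may omit users whose primary group is this one. */
    return (pw != NULL && pw->pw_gid == gid) ? 1 : 0;
}

int main(int argc, char **argv)
{
    const char *group = (argc > 2) ? argv[2] : "admin";
    struct group *gr = getgrnam(group);
    if (gr == NULL) {
        fprintf(stderr, "group %s not found\n", group);
        return 2;
    }
    for (char **m = gr->gr_mem; m != NULL && *m != NULL; m++)
        printf("%s\n", *m);            /* members the service enumerates */
    if (argc > 1)
        printf("%s: %s\n", argv[1],
               user_in_group(argv[1], group) == 1 ? "member" : "not listed");
    return 0;
}
```

Run with no arguments to list the members the directory service returns for "admin", or pass a user name (and optionally a group) to test one account.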