<br><div><span class="gmail_quote">On 1/1/08, <b class="gmail_sendername">Ryan Schmidt</b> <<a href="mailto:ryandesign@macports.org">ryandesign@macports.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>On Jan 1, 2008, at 22:32, Jordan K. Hubbard wrote:<br><br>> On Jan 1, 2008, at 8:01 PM, Tabitha McNerney wrote:<br>><br>>> Jordan, appreciate the further clarity. Quick question then (just<br>>> to make sure I'm ultra clear) -- even if a MacPort installs a new
<br>>> entry in the local directory domain with a "Crypt Password" type,<br>>> what you're saying is that in reality, under Leopard Server (and<br>>> the past few versions of Mac OS X Server) this password is a
<br>>> Shadow Password disguised to the system as a Crypt Password? I ask<br>>> because using Workgroup Manager on Leopard Server, I can select<br>>> the user that was installed by the MacPort (for example, take the
<br>>> openldap MacPort which installs a local directory domain entry<br>>> with the username "ldap", UID "500" and a User Password Type of<br>>> "Crypt Password" and I can select the pop-up menu with the "Crypt
<br>>> Password" selection and change the type to either "Shadow<br>>> Password" or "OpenDirectory" because I am also running an<br>>> OpenDirectory Master on the same machine).<br>
><br>> I'm not sure how MacPorts installs user records on Leopard (I've<br>> never looked). Presumably, it just drops a plist file into /var/db/<br>> dslocal/nodes/Default/users since that's all you need to do in
<br>> Leopard. The contents of that plist file, however, can specify a<br>> number of different password types - "it all depends" is about the<br>> best answer I can give you there. You should look at the
<br>> authentication_authority array in the user plists you're wondering<br>> about and verify that they're doing whatever it is you want them to<br>> do (this is an array value, so there are multiple options here).
<br>> I'd be surprised if MacPorts was using some obsolete password<br>> types, but you never know I guess.<br><br>It looks like MacPorts uses dscl to create users and groups, on all<br>versions of Mac OS X. See src/port1.0/portutil.tcl.
<br><br>proc adduser {name args} {<br> global os.platform<br> set passwd {*}<br> set uid [nextuid]<br> set gid [existsgroup nogroup]<br> set realname ${name}<br> set home /dev/null<br> set shell /dev/null
<br><br> foreach arg $args {<br> if {[regexp {([a-z]*)=(.*)} $arg match key val]} {<br> regsub -all " " ${val} "\\ " val<br> set $key $val<br> }<br> }<br>
<br> if {[existsuser ${name}] != 0 || [existsuser ${uid}] != 0} {<br> return<br> }<br><br> if {${os.platform} eq "darwin"} {<br> exec dscl . -create /Users/${name} Password ${passwd}</blockquote>
<div><br>I just checked the man page for dscl on Leopard Server (sorry I don't have a copy of Leopard (non-Server) but it's probably the same). It strikes me that dscl is just fine (it would be a major hassle to change MacPorts ports) and it should be left up to the system administrator who takes responsibility for installing and maintaining MacPorts on a Mac OS X / Mac OS X Server system to decide what to do with passwords after the installation by MacPorts:
<br><br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote"> <span style="font-weight: bold;">passwd</span><br> Usage: passwd user_path [new_pasword | old_password new_pasword]
<br><br> Changes a password for a user. The user must be specified by full path, not just a username. If you are authenticated to the node (either by specifying the -u<br> and -P flags or by using the auth command when in interactive node) then you can simply specify a new password. If you are not authenticated then the user's old
<br> password must be specified. If passwords are not specified while in interactive mode, you will be prompted for them.<br></blockquote><br>Thanks for touching on this subject,<br><br>T.M.<br><br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
exec dscl . -create /Users/${name} UniqueID ${uid}<br> exec dscl . -create /Users/${name} PrimaryGroupID ${gid}<br> exec dscl . -create /Users/${name} RealName ${realname}<br> exec dscl . -create /Users/${name} NFSHomeDirectory ${home}
<br> exec dscl . -create /Users/${name} UserShell ${shell}<br> } else {<br> # XXX adduser is only available for darwin, add more support here<br> ui_warn "WARNING: adduser is not implemented on ${os.platform}."
<br> ui_warn "The requested user was not created."<br> }<br>}<br><br><br></blockquote></div><br>
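Added example (not from this thread and not MacPorts code): a Python sketch of the check suggested above, reading a dslocal user plist and reporting which password type its authentication_authority array selects. The sample records are constructed, the function names are this example's own, and treating a record with no authentication_authority as a crypt ("basic") password is an assumption.

```python
import plistlib

# Constructed sample records in the dslocal layout (every value is an array
# of strings). The first assumes dscl -create leaves only the attributes it
# was given, as in the adduser proc quoted above.
PORT_USER = plistlib.dumps({
    "name": ["ldap"], "uid": ["500"], "passwd": ["*"],
    "home": ["/dev/null"], "shell": ["/dev/null"]})
SHADOW_USER = plistlib.dumps({
    "name": ["alice"], "uid": ["501"], "passwd": ["********"],
    "authentication_authority": [
        ";ShadowHash;",
        ";Kerberosv5;;alice@LKDC:SHA1.CONSTRUCTED;LKDC:SHA1.CONSTRUCTED;"]})

TYPES = {"basic": "Crypt Password", "ShadowHash": "Shadow Password",
         "ApplePasswordServer": "Open Directory", "Kerberosv5": "Kerberos"}

def authority_tags(record):
    """Tags of all authentication_authority entries ('version;tag;data')."""
    tags = []
    for entry in record.get("authentication_authority", []):
        parts = entry.split(";")
        if len(parts) >= 2 and parts[1]:
            tags.append(parts[1])
    return tags

def classify(plist_bytes):
    """Report the password type(s) one user record selects."""
    record = plistlib.loads(plist_bytes)
    passwd = record.get("passwd", [""])[0]
    tags = authority_tags(record)
    # Assumption: no authority at all is handled like 'basic' (crypt).
    if not tags or "basic" in tags:
        if passwd == "*":
            note = "locked: '*' matches no crypt hash"
        elif passwd == "":
            note = "REVIEW: empty crypt field"
        else:
            note = "REVIEW: crypt hash stored in the record"
    else:
        note = "passwd field is a placeholder"
    types = [TYPES.get(t, "unknown: " + t) for t in tags] or ["Crypt Password"]
    return {"name": record.get("name", ["?"])[0], "types": types, "note": note}

if __name__ == "__main__":
    for sample in (PORT_USER, SHADOW_USER):
        print(classify(sample))
```

To audit a real system, pass the bytes of each file under /var/db/dslocal/nodes/Default/users (root is needed to read them).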