Ok to switch from Crypt to Shadow Password?
Ryan Schmidt
ryandesign at macports.org
Tue Jan 1 20:39:54 PST 2008
On Jan 1, 2008, at 22:32, Jordan K. Hubbard wrote:
> On Jan 1, 2008, at 8:01 PM, Tabitha McNerney wrote:
>
>> Jordan, appreciate the further clarity. Quick question then (just
>> to make sure I'm ultra clear) -- even if a MacPort installs a new
>> entry in the local directory domain with a "Crypt Password" type,
>> what you're saying is that in reality, under Leopard Server (and
>> the past few versions of Mac OS X Server) this password is a
>> Shadow Password disguised to the system as a Crypt Password? I ask
>> because using Workgroup Manager on Leopard Server, I can select
>> the user that was installed by the MacPort (for example, take the
>> openldap MacPort which installs a local directory domain entry
>> with the username "ldap", UID "500" and a User Password Type of
>> "Crypt Password" and I can select the pop-up menu with the "Crypt
>> Password" selection and change the type to either "Shadow
>> Password" or "OpenDirectory" because I am also running an
>> OpenDirectory Master on the same machine).
>
> I'm not sure how MacPorts installs user records on Leopard (I've
> never looked). Presumably, it just drops a plist file into
> /var/db/dslocal/nodes/Default/users since that's all you need to do in
> Leopard. The contents of that plist file, however, can specify a
> number of different password types - "it all depends" is about the
> best answer I can give you there. You should look at the
> authentication_authority array in the user plists you're wondering
> about and verify that they're doing whatever it is you want them to
> do (this is an array value, so there are multiple options here).
> I'd be surprised if MacPorts was using some obsolete password
> types, but you never know I guess.

It looks like MacPorts uses dscl to create users and groups, on all
versions of Mac OS X. See src/port1.0/portutil.tcl.

    proc adduser {name args} {
        global os.platform
        set passwd {*}
        set uid [nextuid]
        set gid [existsgroup nogroup]
        set realname ${name}
        set home /dev/null
        set shell /dev/null

        foreach arg $args {
            if {[regexp {([a-z]*)=(.*)} $arg match key val]} {
                regsub -all " " ${val} "\\ " val
                set $key $val
            }
        }

        if {[existsuser ${name}] != 0 || [existsuser ${uid}] != 0} {
            return
        }

        if {${os.platform} eq "darwin"} {
            exec dscl . -create /Users/${name} Password ${passwd}
            exec dscl . -create /Users/${name} UniqueID ${uid}
            exec dscl . -create /Users/${name} PrimaryGroupID ${gid}
            exec dscl . -create /Users/${name} RealName ${realname}
            exec dscl . -create /Users/${name} NFSHomeDirectory ${home}
            exec dscl . -create /Users/${name} UserShell ${shell}
        } else {
            # XXX adduser is only available for darwin, add more support here
            ui_warn "WARNING: adduser is not implemented on ${os.platform}."
            ui_warn "The requested user was not created."
        }
    }
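
The check suggested in the quoted reply (look at authentication_authority in the user plist) can be scripted. The following is an added example, not part of the original message or of MacPorts. It assumes the dslocal layout of lowercase keys holding arrays of strings, and that a record with no authority entry is treated as a crypt ("basic") password; the sample records are constructed, using the "ldap"/500 values mentioned in the thread plus two hypothetical users.

```python
import plistlib

def classify_user(plist_bytes):
    """Report how a dslocal user record authenticates."""
    rec = plistlib.loads(plist_bytes)
    name = (rec.get("name") or ["?"])[0]
    passwd = (rec.get("passwd") or [""])[0]
    # Authority entries look like "version;tag;data", e.g. ";ShadowHash;"
    tags = [a.split(";")[1] for a in rec.get("authentication_authority", [])
            if a.count(";") >= 2]
    if tags and "basic" not in tags:
        return {"name": name, "type": "+".join(tags),
                "finding": "hash kept outside the record"}
    # Assumption: no authority (or "basic") means passwd is a crypt string
    if passwd.startswith("*"):
        finding = "locked: no password can match"
    elif passwd == "":
        finding = "EMPTY password"
    else:
        finding = "crypt hash readable in the record"
    return {"name": name, "type": "crypt", "finding": finding}

def _record(**attrs):
    # dslocal stores every attribute as an array of strings
    return plistlib.dumps({k: [v] for k, v in attrs.items()})

# Constructed samples, not copied from a real system
MACPORTS_STYLE = _record(name="ldap", uid="500", passwd="*", shell="/dev/null")
SHADOW_STYLE = _record(name="alice", uid="501", passwd="********",
                       authentication_authority=";ShadowHash;")
CRYPT_STYLE = _record(name="bob", uid="502", passwd="abJnggxhB/yWI")

if __name__ == "__main__":
    for sample in (MACPORTS_STYLE, SHADOW_STYLE, CRYPT_STYLE):
        print(classify_user(sample))
```

To check a real record, pass the bytes of the user's plist under /var/db/dslocal/nodes/Default/users, which needs root to read.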