[Macpartners] authentication->loginhook->authorization
Duncan Kincaid
dsk at MIT.EDU
Fri Jun 10 14:11:58 EDT 2005
a (silly?) question:
has anyone succeeded in having a loginhook script run BEFORE a
directory services lookup is executed during login sequence?
thanks
dk
reason for question below (if interested):
objective: have any athena user login to our 'macathenised' macs
without our having to provide LDAP directory services. (there is no OS
X Directory Access plug-in for moira... yet... ever?)
plan: user authenticates against KDC, then loginhook shell script runs
which creates user's netinfo record on the fly, then login continues by
accessing the just created local netinfo record and completes.
thought this might work given loginwindow documentation. but doesn't
seem to.
in particular, it appears loginhook simply does not run unless the mac
can find a netinfo (or LDAP, i.e. Directory Services) entry for the
user logging in. in other words, contrary to my understanding,
loginwindow executes a directory services lookup immediately following
authentication THEN runs loginhook if user record found. i suppose this
is perfectly reasonable, but no less disappointing.
any ideas as to how i might get a script running AFTER user
authenticates, but BEFORE loginwindow's directory services lookup would
be most welcome.
[the aforementioned loginhook shell script grabs the username, gets the
user's uid with a 'pts examine', and calculates the athena home
directory.
then builds a local netinfo record for user (if one doesn't already
exist) using niutil]
OS X 10.3.9
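
Added example, not the script from the message above: a sketch of the loginhook steps described in the bracketed note, with the checks a root-run hook needs before trusting the username and the `pts examine` output. The username policy, the AFS home layout, the sample pts line and the `NIUTIL` dry-run switch are assumptions.

```shell
#!/bin/sh
# Added example; not the script from the original message.
LC_ALL=C; export LC_ALL          # make [a-z] ranges byte-exact
NIUTIL=${NIUTIL:-echo niutil}    # dry run by default; set NIUTIL=niutil on the Mac

# Constructed sample of one `pts examine <user>` output line.
SAMPLE_PTS='Name: dsk, id: 4242, owner: system:administrators, creator: admin, membership: 3, flags: S----, group quota: 20.'

# Assumed policy: 3-8 chars, lowercase letter first, then [a-z0-9_].
valid_username() {
    case "$1" in
        ''|?|??|?????????*) return 1 ;;  # too short or longer than 8
        [!a-z]*)            return 1 ;;  # must start with a letter
        *[!a-z0-9_]*)       return 1 ;;  # no '/', '.', spaces, metacharacters
    esac
}

# Read pts output on stdin; print the id only if it is a positive integer
# (groups have negative ids, and a uid 0 record must never be created).
pts_uid() {
    uid=$(sed -n 's/^Name: [^,]*, id: \([0-9][0-9]*\),.*/\1/p' | head -n 1)
    [ -n "$uid" ] && [ "$uid" -gt 0 ] && printf '%s\n' "$uid"
}

# Assumed layout: /afs/athena.mit.edu/user/<1st letter>/<2nd letter>/<user>.
athena_home() {
    printf '/afs/athena.mit.edu/user/%s/%s/%s\n' \
        "$(printf '%s' "$1" | cut -c1)" "$(printf '%s' "$1" | cut -c2)" "$1"
}

record_exists() {   # always false in dry-run mode
    [ "$NIUTIL" = niutil ] && niutil -read . "/users/$1" >/dev/null 2>&1
}

# $1 = username handed to the hook; pts output on stdin.
# On the Mac: pts examine "$1" | hook "$1"
# Only uid and home are set; gid, shell and the rest are left out here.
hook() {
    valid_username "$1" || { echo "loginhook: bad username" >&2; return 1; }
    uid=$(pts_uid)      || { echo "loginhook: no usable uid" >&2; return 1; }
    record_exists "$1" && return 0
    $NIUTIL -create     . "/users/$1" &&
    $NIUTIL -createprop . "/users/$1" uid  "$uid" &&
    $NIUTIL -createprop . "/users/$1" home "$(athena_home "$1")"
}
```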