src/platform/DARWIN/AklogAuthPlugin/README

   1 Setup:
   2
   3 http://support.apple.com/kb/TA20987 explains how to configure loginwindow
   4 to do Kerberos. After you have done so and it works, you can add this as
   5 aklog:CELLNAME,privileged
   6
   7 after loginwindow:success and before HomeDirMechanism:login,privileged
   8
   9 e.g.
  10 change
  11 <string>loginwindow:success</string>
  12 <string>HomeDirMechanism:login,privileged</string>
  13
  14 to
  15
  16 <string>loginwindow:success</string>
  17 <string>aklog:andrew.cmu.edu,privileged</string>
  18 <string>HomeDirMechanism:login,privileged</string>
  19
  20 in the system.login.console section of /etc/authorization.
  21
  22 The following is from Apple's ROT13 plugin:
  23
  24 Note: The preferred way to modify the /etc/authorization file is to use
  25 the Authorization APIs in <Security/AuthorizationDB.h>. This is always
  26 how it should be done in shipping products, as there may have been other
  27 modifications to the /etc/authorization file. A code snippet to do this
  28 is:
  29
  30 #include <CoreFoundation/CoreFoundation.h>
  31 #include <Security/AuthorizationDB.h>
  32
  33 #define LOGIN_RIGHT "system.login.console"
  34
  35 int main(int argc, char *argv[])
  36 {
  37     CFDictionaryRef login_dict;
  38     OSStatus status;
  39     AuthorizationRef authRef;
  40
  41     status = AuthorizationCreate(NULL, NULL, 0, &authRef);
  42     if (status) exit(1);
  43
  44     status = AuthorizationRightGet(LOGIN_RIGHT, &login_dict);
  45     if (status) exit(1);
  46
  47     CFArrayRef arrayRef;
  48     if (!CFDictionaryGetValueIfPresent(login_dict, CFSTR("mechanisms"),
  49         &arrayRef))
  50         exit(1);
  51
  52     CFMutableArrayRef newMechanisms = CFArrayCreateMutableCopy(NULL, 0,
  53         arrayRef);
  54     if (!newMechanisms)
  55         exit(1);
  56
  57     CFIndex index = CFArrayGetFirstIndexOfValue(newMechanisms,
  58         CFRangeMake(0, CFArrayGetCount(newMechanisms)), CFSTR("authinternal"));
  59
  60     if (index == -1)
  61         exit(1);
  62
  63     CFArraySetValueAtIndex(newMechanisms, index, CFSTR("newmech"));
  64
  65     CFMutableDictionaryRef new_login_dict
  66         = CFDictionaryCreateMutableCopy(NULL, 0, login_dict);
  67
  68     CFDictionarySetValue(new_login_dict, CFSTR("mechanisms"), newMechanisms);
  69
  70     status = AuthorizationRightSet(authRef, LOGIN_RIGHT, new_login_dict,
  71         NULL, NULL, NULL);
  72
  73     if (status) exit(1);
  74 }