3 http://support.apple.com/kb/TA20987 explains how to configure loginwindow
4 to do Kerberos. After you have done so and it works, you can add this as
5 aklog:CELLNAME,privileged
7 after loginwindow:success and before HomeDirMechanism:login,privileged
11 <string>loginwindow:success</string>
12 <string>HomeDirMechanism:login,privileged</string>
16 <string>loginwindow:success</string>
17 <string>aklog:andrew.cmu.edu,privileged</string>
18 <string>HomeDirMechanism:login,privileged</string>
20 in the system.login.console section of /etc/authorization.
22 The following is from Apple's ROT13 plugin:
24 Note: The preferred way to modify the /etc/authorization file is to use
25 the Authorization APIs in <Security/AuthorizationDB.h>. This is always
26 how it should be done in shipping products, as there may have been other
27 modifications to the /etc/authorization file. A code snippet to do this
30 #include <CoreFoundation/CoreFoundation.h>
31 #include <Security/AuthorizationDB.h>
33 #define LOGIN_RIGHT "system.login.console"
35 int main(int argc, char *argv[])
37 CFDictionaryRef login_dict;
39 AuthorizationRef authRef;
41 status = AuthorizationCreate(NULL, NULL, 0, &authRef);
44 status = AuthorizationRightGet(LOGIN_RIGHT, &login_dict);
48 if (!CFDictionaryGetValueIfPresent(login_dict, CFSTR("mechanisms"),
52 CFMutableArrayRef newMechanisms = CFArrayCreateMutableCopy(NULL, 0,
57 CFIndex index = CFArrayGetFirstIndexOfValue(newMechanisms,
58 CFRangeMake(0, CFArrayGetCount(newMechanisms)), CFSTR("authinternal"));
63 CFArraySetValueAtIndex(newMechanisms, index, CFSTR("newmech"));
65 CFMutableDictionaryRef new_login_dict
66 = CFDictionaryCreateMutableCopy(NULL, 0, login_dict);
68 CFDictionarySetValue(new_login_dict, CFSTR("mechanisms"), newMechanisms);
70 status = AuthorizationRightSet(authRef, LOGIN_RIGHT, new_login_dict,