On 17/03/2011 19:20, Gary Winiger wrote: > On 03/17/11 09:51, Jan Damborsky wrote: >> In case of Automated Installer, user is responsible for constructing >> password hash and supply it via System Configuration profile. >> I assume that today people just use passwd(1) and then copy paste >> hashes from shadow(4) to System Configuration profile. > > I presume that's how jumpstart is done if passwords are > configured.
Would it really hurt to have a simple CLI that allowed customers to generate password hashes like the punchin-hasher app does for punchin? This cut/paste from shadow(4) seems a little poor for an enterprise OS. >>> The hard part is to present the >>> user with a conversation if this is a GUI rather than >>> a tty based interaction. >> >> Yep, I agree. That's more challenging part :-) > > Not being a GUI guy, I'd really be challenged. > A tty based interaction is just a few line of simple > C. It's well documented in the PAM developer guide > and the SAC Policy: > > http://psarc.us.oracle.com/BestPractices/pam_tty_conv.c A PAM conversation isn't that hard in a GUI really, it just depends on how complex the conversation is :) But GDM and xscreensaver code can be used as reference points to see how it can be done. The main part really is that the application is running with the appropriate level of auths to allow it to actually perform the conversation. But, just to be clear, I'm assuming that we're not talking about a full-blown login conversation here, are we? Thanks, Darren. _______________________________________________ caiman-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
