- This topic has 3 replies, 2 voices, and was last updated 16 years, 8 months ago by
larkost.
August 14, 2008 at 6:39 pm #373752
thegooch49
Participant
Hi, I have an instauser script that sets up a local administrator account. To mask the password so my enterprise admin password isn’t in a plain script somewhere, I drop the actual password to /private/var/db/shadow/hash, then change the UUID on the hash I dropped to match the UUID of the local admin user.
This all works, but it requires me to reboot my computer once, sometimes twice before the credentials work. Has anyone else had this problem? Any ideas on how to avoid this? It’s not a huge deal, but it might be a time saver if I could avoid this.
More details:
My instadmg script puts 2 startup scripts in place. 1 is instauser, which creates the local admin account. 2 is a post install script. This turns on NTP, sleep settings, ARD, etc. It also sets the hash file with my actual password to match my UUID on my local administrator account.
Thanks for any help.
-Jeff
August 14, 2008 at 11:57 pm #373754
larkost
Participant
I am missing something here. Are you creating the users with a script after boot? Why not create the users and put the /private/var/db/shadow/hash file into place all as a pkg in your InstaDMG routine? Even if you are giving your pkg to others they can’t really reverse the password back out of the hash (well… no more than they could by having admin access to one of the imaged machines).
Since you are the one putting your user into place you already know what the UUID is going to be, so everything falls into place. This is what I do and it works out great.
August 15, 2008 at 12:16 am #373757
thegooch49
Participant
Thanks for the reply. In my instauser script, I first set a bogus password in the script. I do this because I use the password once, when I enable root. To enable root, I need to put the password in the script as plain text. So instauser first sets the password as ‘fakepass’. It then enables root, using this fake password:
/usr/sbin/dsenableroot -u localadmin -p fakepass -r anotherfakepass
Later in the instadmg script, I move the temp hash files that I put in place, to match the UUIDs for root and localadmin. Perhaps this issue would all be cleared up if I could find a way to enable root with the instauser script, without having to enter this dummy password (or put my actual password into a plain text file). Has that been figured out on this forum already? I’ll search.
-Jeff
August 15, 2008 at 12:45 am #373758
larkost
Participant
Why do you need to enable root? I am going to STRONGLY encourage you not to enable root. There is nothing that you can’t do otherwise. Really… I mean it.
And why can’t you simply create a launchd LaunchDaemon that would launch a script to do that for you? One that would then erase itself after running?
There is probably a better way of doing this (figure out all of the steps that dsenableroot takes), but this would work (you do have to replace a few things):
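[code]
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>org.sample.enableRoot</string>
	<key>ProgramArguments</key>
	<array>
		<string>/path/to/script</string>
	</array>
	<!-- RunAtLoad is an addition so launchd starts the job at boot; it is not among the keys that survive in the post -->
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>
[/code]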
and
[code]
#!/bin/bash
# Enable root once, then remove the LaunchDaemon entry and this script.
/usr/sbin/dsenableroot -r anotherfakepass
/bin/rm -f /Library/LaunchDaemons/org.sample.enableRoot
/bin/rm -f "$0"
[/code]
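Added example, not part of the thread or of InstaDMG: the concern raised above is a password sitting in a plain-text script, so this sketch scans a directory of imaging scripts for `dsenableroot` calls that pass a literal value after `-p` or `-r`. The function names, sample file names and the `ROOT_PW` variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report dsenableroot calls in imaging
# scripts that pass a literal password after -p or -r.

# find_literal_passwords DIR
# Prints "file:line: literal value after <flag>" per finding. The value itself
# is never printed, so the report is safe to keep in build logs.
find_literal_passwords() {
    find "$1" -type f | sort | while IFS= read -r f; do
        awk -v file="$f" '
            /^[[:space:]]*#/ { next }   # ignore comments and the shebang
            /dsenableroot/ {
                for (i = 1; i < NF; i++) {
                    # a value starting with $ or "$ is a variable reference
                    if (($i == "-p" || $i == "-r") && $(i + 1) !~ /^"?[$]/) {
                        printf "%s:%d: literal value after %s\n", file, NR, $i
                    }
                }
            }
        ' "$f"
    done
}

# make_samples DIR: constructed sample scripts for the demonstration.
make_samples() {
    cat > "$1/instauser.sh" <<'EOF'
#!/bin/bash
# create local admin, then enable root
/usr/sbin/dsenableroot -u localadmin -p fakepass -r anotherfakepass
EOF
    cat > "$1/enableroot.sh" <<'EOF'
#!/bin/bash
/usr/sbin/dsenableroot -r "$ROOT_PW"
/bin/rm -f "$0"
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
find_literal_passwords "$demo_dir"
rm -rf "$demo_dir"
```

The scan only finds literals stored in script files; a value supplied through a variable is still passed to `dsenableroot` as a command-line argument.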