Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password Field Not Working During Workflow #2

Open
cmaliwat opened this issue Jun 14, 2017 · 4 comments
Open

Password Field Not Working During Workflow #2

cmaliwat opened this issue Jun 14, 2017 · 4 comments

Comments

@cmaliwat
Copy link

When using this script, passwords are imported to the plist in plain text.

This does not seem to be working because when workflow is complete, and login is attempted, user cannot login.

However, when going through the DS GUI, passwords are hashed/salted into the plist.

Then when workflow is complete, user can login.
@cbyr2401
Copy link

Hey cmaliwat,

I think I had a similar issue when testing the script. I haven't thoroughly investigated it but I think it has to do with the passwords storing with a newline character on the end.

To confirm this can you please:

  1. Open the new modified plist file in a text editor
  2. Turn on the "view all symbols / characters" (something similar to that)
  3. Go down to where the password is stored and check if a newline is present.

I think the fixes for this issue are:

  1. Add an extra empty column to the csv import file
    or
  2. Modify the python script to remove newlines at the end of each line in the csv file.

Going back to your original post for a second. I don't think that the hashed/salted should affect the users ability to log in. I would, however, look to implement this in a future update of the script as it is good practice.

I currently don't have enough time to investigate this further at the moment, if you could report back to me on the above and I will see what I can do.

Thanks for reporting it.

@cmaliwat
Copy link
Author

I've noted the behavior your mentioned in regards to the plist files. When viewing the plist in Text Wrangler, there is an additional random 'inverted question mark' symbol. In Atom, I see the return character for a line break.

I tested importing a plist with a blank column at the end of the csv file, simply by putting an extra , at the end of the line. The plist now does not have the random character in Text Wrangler nor the line break in Atom.

However, the user cannot login with the plain-text password in this field. It seems DeployStudio does indeed want a hashed password.

textwrangler
atom

I am using DeployStudio 1.7.6

@wallarug
Copy link
Owner

Cool. Thanks for investigating.

You wouldn't by any chance happen to know how deploy studio hashes the passwords?

One of the core issues I had was working out what has it used and how/what it used to salt them. If it is just a basic known hashing algorithm then maybe I could quickly implement and test it for you tomorrow afternoon.

What sort of time frame would like the passwords feature to be working? (Is this a high priority for you, or just something you are playing around with?)

I would really like to get that part of the script working for you, as it is an important add on for adding user accounts to devices.

@cmaliwat
Copy link
Author

I do not know how Deploy Studio hashes passwords. I'm sure contact with the developers would be necessary, but I don't know how responsive they are.

I've also asked in #deploystudio on the Mac Admins Slack channel, but haven't heard from anybody there regarding the hash method.

No time frame is necessary... It would be nice to get this working eventually though.

Thanks for this project, it's been helpful up to this point.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wallarug @cbyr2401 @cmaliwat