[install-discuss] Install time user creation & root

[Darren J Moffat]

Sarah Jelinek wrote:
> 
> Really?  Ok, I admit I don't know a lot about this,  so I have been 
> reading the docs on this to understand what is available to us, and it 
> states there is a System Administrator rights profile:

You are correct I just typed it wrong when I grepped for it in 
prof_attr(4) so I didn't get a hit!  [feels suitably embarrassed! ].


> We were planning on using useradd() for adding the user data. And, then 
> add the password data by hand after.

How are you planning on constructing the hashed password then ?

>					 The pam stuff isn't something we 
> considered. We would need to take a look at this, how it might work in 
> the miniroot or on first reboot and how we might be able to enable the 
> use of this.

At the very least you need to use crypt_gensalt(3C) and crypt(3C) to 
construct the hashed password if you don't use PAM.  Using PAM won't 
work well in the miniroot.

The reason you need to use crypt_gensalt(3C) is so that when we in 
Solaris security land change the default value of CRYPT_DEFAULT in 
policy.conf you won't have to change your code!

> Part of my ambiguity on the answers to your comments is that we haven't 
> had the chance to look very closely at this yet. But, you have given us 
> a lot of good data which helps.

I'm happy to help out more, if you can point me to the source I'd be 
happy to prototype this for you.

-- 
Darren J Moffat