Jamf Nation Community

jameson · ‎10-26-2020

So Jamf connect 2.0 has changed a bit on the author. Does anyone have any extension attribute made for which login window is used on a client - native login og JCL window.

Know the stuff happens in the auth.db database, but struggling to find a way to create an extension attribute to verify which login mechanism the clients have

ThijsX · ‎10-26-2020

You can build something that reads out

security authorizationdb read system.login.console

The Mechanisms key lists the loginwindow settings as an array of strings. Mechanisms defined as "privileged" prompt the loginwindow to run the mechanism as the root user. The only built-in macOS mechanism removed by Jamf Connect is loginwindow:login, which displays the standard macOS login window.

jameson · ‎10-27-2020

thanks. And yes the read from this I also have found, but how to get this string loginwindow:login out of it, I just can´t figure out.

If it was a normal plist file I had enough of examples, but this system.console.login I am struggeling with my scripting skills

mm2270 · ‎10-27-2020

@jameson A simple grep against the output should be enough. If all you need to know for the Extension Attribute is whether the loginwindow:login string is present, then just grep for it, and if found, set a variable to Yes or some other simple string and echo back. Or, if not present, echo back No, etc.

For example, something like the following should work I think.

#!/bin/sh

loginwindow_check=$(security authorizationdb read system.login.console | grep 'loginwindow:login' 2>&1 > /dev/null; echo $?)

if [ $loginwindow_check == 0 ]; then
    echo "<result>OS LoginWindow</result>"
else
    echo "<result>JC LoginWindow</result>"
fi

jameson · ‎10-28-2020

Thanks a lot. :) - works great - and think I just overcomplicated this, as in the the output saw Array, string instead of just searching for the direct name

Jamf Nation Community

Jamf Connect - Extension attribute