0

When using the find command or any other recursive file searches, I always notice /usr/sbin/authserver in the context of a "permission denied" error. Just out of pure curiosity, what actually is that directory? I can't seem to find good information online about it. Looking inside using sudo, I see it contains a single subdirectory tools and within that a single binary called weakpass. There's no practical reason why I want to know what these are, but I'm just interested in why they're so hidden. Running weakpass:

usage: weakpass username [admin|standard]

It just hangs when I fill in the arguments correctly.

What does this directory and this program do?

Improve this question
2
  • why they're so hidden ... why do you say that the files are hidden? Commented Nov 27 at 19:23
  • does weakpass --help return anything useful? ... do NOT run with elevated privileges Commented Nov 27 at 19:30

2 Answers 2

Reset to default
1

weakpass is a macOS tool used to check passwords against a list of forbidden words. It was apparently intended for use with PasswordServer on OS X Server.

The list of forbidden words is manipulated with weakpass_edit. weakpass itself takes two arguments, the target user’s name, and the requesting user’s privilege level (admin or standard); it then checks passwords given to it (on standard input, I imagine) against the list of forbidden words. If the requesting user’s privilege level is admin, passwords are accepted even if they appear in the list of forbidden words; otherwise they aren’t.

Improve this answer
2
  • Thanks! How come it's the only thing in sbin that is inaccessible to normal users? On my system, it seems like the only locked directory in all of /usr. Commented Nov 27 at 20:11
  • 1
    I imagine it’s a remnant of OS X Server features, perhaps there were other binaries in /usr/sbin/authserver that regular users weren’t supposed to have access to. You’d have to ask Apple for a definitive answer ;-). Commented Nov 28 at 8:04
1

If you suspect it belongs to a package, then use your distribution's package manager to find which package owns it. (Subdirectories in 'sbin' are odd, but I've seen packages do weirder stuff.)

For example, dpkg -S weakpass on Debian, or pacman -Qo /usr/sbin/authserver/weakpass on Arch.

If you find nothing, then try Debian Code Search for any mentions of some text:

That finds nothing, so GitHub next:

That also finds nothing, so the next thing to try is strings to find any mentions of the product or package embedded within the binary itself:

strings -n 15 /usr/sbin/authserver/weakpass

If that also finds nothing, search the rest of the system for 'weakpass'. Maybe even:

grep -r weakpass /etc /usr /opt

It just hangs when I fill in the arguments correctly.

I am pretty sure it does not hang, but rather waits for you to provide input – the password. Similar to how cat or tail behave when you run them without any file argument. Try entering something, then pressing Ctrl-D twice (or the Enter key once and Ctrl-D once).

(That is, it looks like a close equivalent of 'cracklib' or 'pwquality'.)

In general this looks like a binary meant for 'batch' use, i.e. not for running directly in a terminal but rather invoked from another program (maybe from a PAM module). Depending on its verdict, it probably exits with status code 0 (good password) or 1 (weak password).

Such binaries don't bother showing interactive prompts like "Enter password:" as the calling program would then need to specifically suppress or ignore it somehow, and that's just extra work if the program isn't meant to be run by users anyway.

(Though normally such tools would go in /usr/lib, not /usr/sbin.)

Improve this answer
1
  • You're right, it takes stdin input. Commented Nov 27 at 20:14

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.