AppleKerberosSSOExtensionScripts
This script is based on the Apple example published in their Apple Kerberos SSO Extension guide.
The script DistributedNotificationListener.swift must be called with the following arguments.
Name | Value |
---|---|
-notification | Name of the distributed notification |
-action | Path to the script to execute if the notification is detected. |
Example
DistributedNotificationListener.swift -notification com.apple.KerberosPlugin.ConnectionCompleted -action /tmp/myExampleScript.sh
Distributed Notifications
Defines the distributed notification the script should listen for. On macOS, all applications can send distributed notifications; however, it is mostly unclear how they are named. Here is a list of known notifications.
Notification | Application | Description |
---|---|---|
com.apple.KerberosPlugin.ConnectionCompleted | Apple Kerberos Extension | The Kerberos SSO extension has run its connection process. |
com.apple.KerberosPlugin.ADPasswordChanged | Apple Kerberos Extension | The user has changed the Active Directory password with the extension. |
com.apple.KerberosPlugin.LocalPasswordSynced | Apple Kerberos Extension | The user has brought the Active Directory and local passwords in sync. |
com.apple.KerberosPlugin.InternalNetworkAvailable | Apple Kerberos Extension | The user has connected to a network where the configured Active Directory domain is available. |
com.apple.KerberosPlugin.InternalNetworkNotAvailable | Apple Kerberos Extension | The user has connected to a network where the configured Active Directory domain is not available. |
com.apple.KerberosExtension.gotNewCredential | Apple Kerberos Extension | The user has acquired a new Kerberos TGT. |
com.apple.KerberosExtension.passwordChangedWithPasswordSync | Apple Kerberos Extension | The user has changed the Active Directory password, and the local password has been updated to match the new Active Directory password. |
LaunchAgent or LaunchDaemon
To run this script as a logged-in user (LaunchAgent) or as root (LaunchDaemon), we can deploy the following plist file.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>ch.appfruit.DistributedNotificationListener.example</string>
<key>RunAtLoad</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Appfruit/DistributedNotificationListener/DistributedNotificationListener.swift</string>
<string>-notification</string>
<string><!-- Enter Distributed Notification name --></string>
<string>-action</string>
<string><!-- Enter path to script --></string>
</array>
</dict>
</plist>
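A LaunchDaemon runs the listener and the -action script as root, so both files and every directory above them should be owned by root and not writable by anyone else. The check below is an added example, not part of this project: it reads ProgramArguments from a constructed copy of the plist above, with the placeholders filled in from the page's example values, and reports every path component another user could modify. The helper names `executed_paths` and `audit_path` are hypothetical.

```python
import os
import plistlib
import stat

# Constructed sample: the page's plist with its two placeholders filled in
# from the notification name and script path used in the page's example.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>ProgramArguments</key><array>
<string>/Library/Application Support/Appfruit/DistributedNotificationListener/DistributedNotificationListener.swift</string>
<string>-notification</string>
<string>com.apple.KerberosPlugin.ConnectionCompleted</string>
<string>-action</string>
<string>/tmp/myExampleScript.sh</string>
</array></dict></plist>"""

def executed_paths(plist_bytes):
    """Return the files launchd will cause to run: the listener and the -action script."""
    args = plistlib.loads(plist_bytes)["ProgramArguments"]
    paths = [args[0]]
    if "-action" in args[1:-1]:  # the flag must be followed by a value
        paths.append(args[args.index("-action", 1) + 1])
    return paths

def audit_path(path, trusted_uid=0):
    """Walk from the file up to /, returning (path, problem) for each weak component."""
    findings = []
    current = os.path.realpath(path)
    while True:
        try:
            st = os.stat(current)
        except OSError:
            findings.append((current, "missing or unreadable"))
        else:
            if st.st_uid != trusted_uid:
                findings.append((current, "not owned by uid %d" % trusted_uid))
            # Conservative: a sticky world-writable directory such as /tmp is still reported.
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((current, "group/world-writable"))
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        current = parent

if __name__ == "__main__":
    for p in executed_paths(SAMPLE_PLIST):
        for where, problem in audit_path(p):
            print("%s: %s is %s" % (p, where, problem))
```

For a LaunchAgent, pass the logged-in user's uid as `trusted_uid` instead of 0.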
Installer
The installer only deploys the script; you need to modify it according to your needs to deploy LaunchAgents, LaunchDaemons and your scripts.