[Casper] WEP, WPA, keychain, security

Thomas Larkin tlarki at kckps.org
Mon Sep 8 14:10:48 PDT 2008 

I have been hurting my brain trying to figure out the best method of doing this, and I will share what I have found so far.  

If you make a symbolic link to the airport binary (since they tuck it away in a weird place) you can use it to make some changes.  Now, if it stores it in the keychain I have no clue to make a sym link open terminal and do this

wyandotte-205:~ tlarkin$ cd /usr/sbin
wyandotte-205:sbin tlarkin$ sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin

now you can do this from the terminal

wyandotte-205:sbin tlarkin$ airport -h
airport AirPort v.521.5.1 (521.5.1)
Supported arguments:
 -z        --disassociate       Disassociate from any network
 -i[<arg>] --ibss=[<arg>]       Create IBSS
 -x        --xml                Print info as XML
 -s[<arg>] --scan=[<arg>]       Perform a wireless broadcast scan.
				   Will perform a directed scan if the optional <arg> is provided
 -r<arg>   --repeats=<arg>      Repeat the command the specified number of times
 -A[<arg>] --associate=[<arg>]  Associate to network.
				   Will prompt for network name if arg is not specified
				   and if necessary, for a password if the network is using WEP or WPA.
				   The following additional arguments may be specified with this command:
                                  --bssid=<arg>     Specify BSSID to associate with
                                  --password=<arg>  Specify a WEP key or WPA password
 -I        --getinfo            Print current wireless status, e.g. signal info, BSSID, port type etc.
 -P<arg>   --psk=<arg>          Create PSK from specified pass phrase and SSID.
				   The following additional arguments must be specified with this command:
                                  --ssid=<arg>      Specify SSID when creating a PSK
 -c[<arg>] --channel=[<arg>]    Set arbitrary channel on the card
 -h        --help               Show this help


If you look into it you can easily write a command to add an airport network but I doubt it saves it in the keychain

/usr/sbin/airport -A --associate your_ssid --password your_wireless_passkey


now if yo ulook there is the -P switch which will allow you to add a preshared key.  Again I don't think this writes to the system keychain.  I think you will need a separate line of code to do so.

Anyone at all made any progress with this?  Sorry for the convoluted email, as I am just copying/pasting what I find.
 
 
>>> Daniel Farnworth <daniel.farnworth at thecreativepartnership.co.uk> 09/08/08 6:26 AM >>> 
We also need to do similar, any scripts that people would like to  
post will more than likely come in very handy and we'd be happy to  
post back any improvements or changes...

Cheers
Dan

On 5 Sep 2008, at 22:53, Eric Anderson wrote:

> I too will be doing this same thing about a month from now. I would  
> love to hear what people have figured out already without having to  
> build from scratch.
>
> Thanks,
> Eric
>
> On Fri, Sep 5, 2008 at 1:12 PM, Thomas Larkin <tlarki at kckps.org>  
> wrote:
> Soooooooo
>
> Another project on my road map is to migrate everything to WPA.  Of  
> course I need to test this out, and am looking to push out a  
> package via casper that will migrate clients from the existing  
> wireless encryption to a new one, and probably a whole new SSID.  I  
> have been researching it, and it seems that the security unix  
> command can be used to add, modify, etc keychains in the system.
>
> I found some apple scripts that do it as well, but they run in the  
> GUI, are interactive and can be interupprted by the end user.   
> Something I am not really keen on using.
>
> What are the methods you people used with Casper and pushing this  
> sort of stuff out?  I have been playing around with networksetup  
> and security binary scripts to add the network settings and the  
> keychains.
>
> Thanks in advance for any help
>
> tom
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper

--  
Daniel Farnworth
IT Manager
The Creative Partnership
daniel.farnworth at thecreativepartnership.co.uk

http://www.thecreativepartnership.co.uk
Tel: +44 (0)20 7439 7762
Fax: +44 (0)20 7437 1467

PGP Public Key available






The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify postmaster at thecreativepartnership.co.uk immediately and then delete this email from your system. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of The Creative Partnership. The Creative Partnership has taken every reasonable precaution to ensure that any attachment to this e- mail has been swept for viruses. However, The Creative Partnership cannot accept liability for any damage sustained as a result of software viruses and would advise that you carry out your own virus checks before opening any attachment.

More information about the Casper mailing list