Login & Logout Hooks

By: James Reynolds - Revised: 2006-06-06 devin

Introduction

Learn about login and logout hooks and hook parameters.


What are login and logout hooks?

This is a special feature provided by Apple. By default, it is not used. Some 3rd party applications use it such as KeyServer.

If you use KeyServer and you create your own LoginHook, you will need to add KeyServer's LoginHook to your LoginHook since you can only have one Hook at a time.

You can use any executable file, script or tool for your login/logout hook. The only requirement is that it must have user executable set, and it must exit with 0.

To enable the login/logout hook, edit /etc/ttys

Change:

console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" vt100 on secure window=/System/Library/CoreServices/WindowServer onoption="/usr/libexec/getty std.9600" #tahoe's only

To:

console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow -LoginHook /path/to/login_executable -LogoutHook /path/to/logout_executable" vt100 on secure window=/System/Library/CoreServices/WindowServer onoption="/usr/libexec/getty std.9600" #tahoe's only

Be careful when editing this file. If you use the Terminal tool "pico" to edit the file, you *WILL* get hard returns and must manually delete the returns and make the "console" line one continuous line. If you do not, your Mac will not load the loginwindow and you will need to boot into single user mode to edit the file.

How to fix a broken /etc/ttys

  • Reboot Mac.
  • Boot into single user mode by holding Command-s until black display with text appears.
  • When command prompt appears, type "fsck -y".
  • If there are errors, repeat "fsck -y" until there are no errors.
  • Type "mount -uw /".
  • Either restore a backup of the ttys file (if you made a backup) or edit the file with "pico /etc/ttys" (or "vi" / "emacs").
  • Type "reboot".

Hook Parameters

This will not work:

console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow -LoginHook /path/to/login_executable my_parameter" vt100 on secure window=/System/Library/CoreServices/WindowServer onoption="/usr/libexec/getty std.9600" #tahoe's only

Loginwindow already passes in a parameter. This:

#!/bin/sh

echo $1

and this:

#!/usr/bin/perl

print $ARGV[0];

will both print the username logging in. You can not grab the password! Sorry!

When does all of this happen?

/sbin/init
  /private/etc/rc.boot
  /private/etc/rc
    /System/Library/CoreServices/SystemStarter
  /usr/libexec/getty /private/etc/ttys /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow

User logs in, LoginHook executed, login panel goes away, Finder loads, etc.,.

User logs out, Finder and all other applications quit, LogoutHook executed, login panel loads (background graphic also changes).