Multiple User Accounts on a Mac - Fxpansion.com


Support for Bloom

Moderator: SKoT_FX

John Chalisque
Posts: 6
Joined: Thu Jul 12, 2007 1:01 pm

Multiple User Accounts on a Mac

Postby John Chalisque » Fri May 03, 2013 9:05 am

I often like to isolate one music project from another by creating new user accounts. Bloom seems to tie its authorisation to a specific user account so requiring reauthorisation whenever a new user account is created. This is very annoying as I would love to just be able to create a new user account with only the files needed for a specific music project and nothing else as a means to better be able to focus on just that project. Is there any way to authorise Bloom (and other fx products) so that all users on my machine can use it? (The reason being that all humans using my Mac are myself).

Having to reauthorise Bloom may use up auths depending on how they are counted (do you add one to the auth count per successful auth attempt, or just for separate hardware signatures?). In the case of email for more, that takes a day or so, so I cannot quickly get a clone of a template music production account up and running quickly.

Please, next time you tweak the fx licensing system, have a method to authorise once for multiple user accounts (some of which may not have been made yet). This could be as easy as having a command line tool that a new user can run which requires password authentication of the user with the auth.

Consider:

(users concerned with security can just cat the script to a terminal and step through the commands manually)

Code:

  # auth.sh
  echo "Type in the name of an authorised user"
  read -r AUSER
  # user types in username
  su "$AUSER" -c "fxauth createToken /tmp/r4ndom345; chmod 644 /tmp/r4ndom345; (sleep 120; rm /tmp/r4ndom345; ) & sleep 1 ; disown"
  # the subshell () sleep disown bit should cause the token file to be deleted two minutes after the su happens
  # which creates a short time window in which to pass the auth on to a new user.
  # su requires $AUSER's password and auth.sh never gets to see it
  fxauth authFromToken /tmp/r4ndom345
  # this should happen within a few seconds of the su command running (but before the delete subshell completes).

  # fxauth reads token, validates it to this machine's hardware signature and auths fx plugins.

Then all fx plugins work in new user without having to go to fx server. Same number of machines authorised, user is trusted not to abuse this. (Worst case is that unauthorised users of fx plugins still require physical access to the machine on which at least one user is an authorised licence holder, and access to that authorised user's password, which still effectively prevents piracy.)

Example to demonstrate how this time windowing works on Mac command line (copied and pasted from Terminal.app)

Code:

mission-control:Music john1234$ su john -c "echo hello > /tmp/11; chmod 644 /tmp/11; (sleep 10; rm /tmp/11; ) & sleep 1; disown" ; cat /tmp/11 ; sleep 12; cat /tmp/11
Password:
hello
cat: /tmp/11: No such file or directory
mission-control:Music john1234$
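
A hardened sketch of the time-windowed handoff proposed in the post above, added here as an example; it is not part of the original post or of any FXpansion tool. `publish_token` and `consume_token` are hypothetical helpers and the token string is a stand-in; the file name comes from `mktemp` instead of a fixed path in /tmp, and the reader checks the file before trusting it.

```shell
#!/bin/sh
# Added example: time-windowed token handoff through a temp directory.
# publish_token / consume_token are hypothetical names, not a real tool's API.

# Write TOKEN to an unpredictable file and delete it after WINDOW seconds.
# Prints the file path on stdout.
publish_token() {
    token=$1
    window=$2
    # mktemp creates the file atomically (mode 600, random suffix), so another
    # local user cannot pre-create or symlink the path beforehand.
    path=$(mktemp "${TMPDIR:-/tmp}/handoff.XXXXXXXX") || return 1
    printf '%s\n' "$token" > "$path"
    chmod 644 "$path"   # readable by the receiving account, as in the post
    # Background cleanup closes the window. Its stdio is detached so that a
    # caller using $(publish_token ...) is not kept waiting on the sleep.
    ( sleep "$window"; rm -f "$path" ) </dev/null >/dev/null 2>&1 &
    printf '%s\n' "$path"
}

# Print the token only if PATH is a regular file, is not a symlink, and is
# owned by the numeric uid of the expected publishing user; otherwise return 1.
consume_token() {
    c_path=$1
    c_uid=$2
    [ -L "$c_path" ] && return 1     # refuse symlinks
    [ -f "$c_path" ] || return 1     # window closed, or not a regular file
    # ls -ldn is the portable way to read the owner uid
    # (stat takes different flags on macOS and Linux).
    c_actual=$(ls -ldn "$c_path" | awk '{print $3}') || return 1
    [ "$c_actual" = "$c_uid" ] || return 1
    cat "$c_path"
}
```

In the post's scenario the publishing side would run under `su "$AUSER" -c ...` and the new account would pass `$(id -u "$AUSER")` as the expected uid. The checks narrow what the reader accepts from a shared directory; they do not replace validation of the token itself.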

John Chalisque
Posts: 6
Joined: Thu Jul 12, 2007 1:01 pm

Postby John Chalisque » Fri May 03, 2013 9:13 am

Note that shortcutting via pipes is not clever, and the fork delete disown stuff should be written into the actual fxauth itself so as to make it sufficiently hard for a script kiddie to capture. Chaffing and winnowing is the best way to avoid capture, but bear in mind that you need to just make it very hard to capture an auth without the authorised user account's password holder's permission. (This sort of thing was thoroughly thought through in the development of OpenID: you prove your identity by showing that you have permission to control a resource, and entrust the permission holder with the task of ensuring that they do not get usurped.)

Alternatively, write a simple FXLicense service that new accounts can use to refer to old account's auths. (New user makes a request to Licence service, switches to old user, tells Licence service that new user is same human as old one, like Facebook friend requests, and then switches back to new user and tells Licence service to proceed.)

