[MacTUG] Modifying the OS X Mavericks Authorization Database

Marlon A. Griffith m3griffi at engmail.uwaterloo.ca
Wed Oct 23 08:50:54 EDT 2013


"""
Versions of OS X prior to Mavericks had a file located at
/etc/authorization, which controlled the rights for many different
actions, such as adding a printer, changing the time, or setting up Time
Machine.  These rights were based on groups, and many admins modified
this file so that users who were not admins could perform some of these
privileged tasks.

After installing Mavericks, you will find that /etc/authorization no
longer exists, and, if upgrading, the file will have been moved to
/etc/authorization.deprecated, with any modifications no longer working.

Early in the developer previews, it was discovered that this file had
“moved” to the /System/Library/Security/ folder.  This initial
impression was only half correct, as it turns out that this is just the
source file for the new authorization database.  The new database is
located at /var/db/auth.db, and is a SQLite3 database.  This is what is
actually checked by securityd for rights, and seems to be much faster
than checking the old Property List format.

For those who would like to make modifications to the authorization
database, the old methods of using PlistBuddy directly against
/etc/authorization will no longer work.  Instead, there are three
different methods which can work, though only one is Apple supported.
...

Conclusion
For now, use the security command.  All existing scripts which target
/etc/authorization will need to be rewritten, and the mac-authorization
Puppet module does not currently work.  In the coming weeks, updates
will make this much easier.

Much, much more to come on this subject, stay tuned!

http://www.afp548.com/2013/10/22/modifying-the-os-x-mavericks-authorization-database/
"""