Munki - Change local admin password & keychain

[James Knightley]

Morning All,

Can anyone point me in the right direction, I need to change the local admin password and keychain on our mac's due to our 180 day password change policy.

I am currently using Munki and the following command to change the password /usr/bin/dscl . -passwd /users/administrator XXXXXX

This command seems to update the password but leaves me with an keychain mismatch, so my questions is do you have a better way of doing this or can advise how to also update/delete the keychain ?

The devices have users profiles that need to remain so I cant just delete the keychain folder.

Kind Regards

James

[Mr. Alan Siu]

This should help you out:

http://technology.siprep.org/terminal-command-to-change-a-user-password-on-a-mac/

Another way you could do it, though, is to change the password on one machine and then package up the Keychains directory for that user and deploy it to the other machines.

Or, if you don't need the keychain itself, you can also delete the Keychains directory altogether for that user—one will be recreated when the user logs in.

Alan Siu

Client Systems Analyst

St. Ignatius College Preparatory

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/2c402a1f-8a5e-4342-abd1-e5d9a8ce08e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Gerd Niemetz]

Hi!

Maybe

security set-keychain-password -o {oldpwd} -p {newpwd} /Users/{UserShortNameHere}/Library/Keychains/login.keychain

can help, but use with care

best regards

Gerd

[A.E. van Bochoven]

Changing the password with a script run by munki seems to be a very unsafe way to handle this. Anyone that can access the munki webserver will be able to read the cleartext password.

I think I would use Per Oloffson's createuserpkg to update the password.

Sent from my iPhone

--

You received this message because you are subscribed to the Google Groups "munki-discuss" group.

To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/6f289bf5-f4a9-4d1d-aeb6-1017ec416d5c%40googlegroups.com.

[Mr. Alan Siu]

Should have the same User ID, too, I believe—not just the same username.

Alan Siu

Client Systems Analyst

St. Ignatius College Preparatory

On Tue, Oct 25, 2016 at 11:37 AM, A.E. van Bochoven <ne...@mac.com> wrote:

Changing the password with a script run by munki seems to be a very unsafe way to handle this. Anyone that can access the munki webserver will be able to read the cleartext password.

I think I would use Per Oloffson's createuserpkg to update the password.

Sent from my iPhone

On 25 Oct 2016, at 11:43, Gerd Niemetz <gerd.n...@gmail.com> wrote:

Hi!

Maybe

security set-keychain-password -o {oldpwd} -p {newpwd} /Users/{UserShortNameHere}/Library/Keychains/login.keychain

can help, but use with care

best regards

Gerd

Am Dienstag, 25. Oktober 2016 10:35:00 UTC+2 schrieb James Knightley:

Morning All,

Can anyone point me in the right direction, I need to change the local admin password and keychain on our mac's due to our 180 day password change policy.

I am currently using Munki and the following command to change the password /usr/bin/dscl . -passwd /users/administrator XXXXXX

This command seems to update the password but leaves me with an keychain mismatch, so my questions is do you have a better way of doing this or can advise how to also update/delete the keychain ?

The devices have users profiles that need to remain so I cant just delete the keychain folder.

Kind Regards

James

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.

To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/6f289bf5-f4a9-4d1d-aeb6-1017ec416d5c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "munki-discuss" group.

To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/BEA6B74C-E8B1-4364-9572-C82ED202199B%40mac.com.

[James Knightley]

Thanks for all the information, will have a play.