Password Rotation #59

Open
BornTKill opened this issue Jan 13, 2025 · 6 comments

BornTKill commented Jan 13, 2025

Hello,

Thank you for your email ;)
So I have done a first Windows test.
Here is my first feedback:

  • Some English translations are missing:
  • I have tried the default password configuration (length 15 and abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_+*.#=!): the password is changed as you can see, but I think that special chars break copy/paste on the frontend.
image

Will make more tests and update this issue.

@BornTKill
Author

@schorschii Can you explain how this Anzahl Historie is supposed to work?

@BornTKill
Author

Did you implement password rotation for MacOS?

schorschii added a commit that referenced this issue Jan 13, 2025
@schorschii
Owner

Thanks for your feedback. I added the missing translations.

> Can you explain how this Anzahl Historie is supposed to work?

With the translation it is now called "History Count" and defines how many old passwords should be stored in the database. Old passwords are currently not displayed in the frontend. Old passwords can be useful in some rare cases, e.g. when resetting virtual machines to older snapshots.

> I think that special chars break copy/paste on the frontend

Can you please explain what you mean with that exactly?

> Did you implement password rotation for MacOS?

Unfortunately, it's not that easy with macOS. There is no command line tool for changing the password without knowing the current password, see here. I have the same problem in LAPS4LINUX here.
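The default configuration quoted in this issue (length 15, the listed alphabet) and the "History Count" setting explained above, as an added Python sketch that is not part of the thread and not the project's own code. `PasswordRecord`, `rotate` and `candidates` are hypothetical names, and the record is kept in memory only for illustration.

```python
import secrets
from collections import deque

# Default configuration quoted in this issue: length 15 and this alphabet.
DEFAULT_LENGTH = 15
DEFAULT_ALPHABET = (
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_+*.#=!"
)


def generate_password(length=DEFAULT_LENGTH, alphabet=DEFAULT_ALPHABET):
    """Draw each character from the OS CSPRNG (secrets), never from random."""
    if length < 1 or not alphabet:
        raise ValueError("length must be >= 1 and alphabet non-empty")
    return "".join(secrets.choice(alphabet) for _ in range(length))


class PasswordRecord:
    """Hypothetical per-account record: current password plus bounded history."""

    def __init__(self, initial, history_count):
        if history_count < 0:
            raise ValueError("history_count must be >= 0")
        self.current = initial
        # deque(maxlen=N) drops the oldest entry once N old passwords are
        # stored; maxlen=0 keeps no history at all.
        self.history = deque(maxlen=history_count)

    def rotate(self, new_password=None):
        """Move the outgoing password into history and install a new one."""
        new_password = new_password or generate_password()
        self.history.append(self.current)
        self.current = new_password
        return new_password

    def candidates(self):
        """Passwords to try on a machine restored from an older snapshot:
        the current one first, then old passwords from newest to oldest."""
        return [self.current, *reversed(self.history)]
```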

@BornTKill
Author

BornTKill commented Jan 13, 2025

@schorschii
Owner

schorschii commented Jan 16, 2025

Unfortunately, no. The problem is the Secure Tokens, which are enabled for every user by default. Changing the password without knowing the old password works if the Secure Token is disabled beforehand for the specific user using this command:

```sh
sudo sysadminctl -secureTokenOff USERNAME -password CURRENT_PASSWORD interactive
```

This must be done on each device manually; then the dscl and passwd command line tools don't require the current password. But I'm not aware of how this impacts FileVault. So I can implement the password change for macOS with the notes above. But further tests are required regarding the functionality of FileVault.

(Installing a profile as recommended in your second link is not possible via command line.)

@BornTKill
Author

OK, and why not use the old password to set a new one?
We (initially) or oco (after first change) know it.
