PDA

View Full Version : Forcing user password change in Lion?




rm -rf /*
May 17, 2012, 06:04 PM
Does anyone know how to force a local user to reset their password in Lion or Snow Leopard? I know how to reset via terminal and the GUI, but how do you force a local user (standard), even on the same box, to reset their password on login? Thanks for any tips.



sidewinder
May 17, 2012, 07:02 PM
That would be a server feature, not a desktop OS feature.....

S-

AndyMoore
May 18, 2012, 01:05 AM
I'm not going to guarantee this working as it's from UNIX/AIX but the command does exist in OS X Lion.

Logon as an admin user and in Terminal type the command -

sudo passwd <user id>


This will ask for a new password. Make the new one something nice and easy to remember.
When they next login, it will ask for this new password and then, if it works the UNIX way, should prompt them to change it again.

AndyMoore
May 18, 2012, 02:12 AM
Ok, maybe this isn't such a good idea.

I created a test account on my OS X Lion machine with the password test.
Logged in and made sure it was ok and then logged out.

Then I used the passwd command from my main account on user test and logged back into it.
The password change worked but then Keychain had a problem, you're greeted with a dialog saying -

The System was unable to unlock your login keychain.
Would you like to update the password, create a new keychain or continue the login?

Update Keychain Password is the default and if selected prompts for the keychain password, remember though that this is the old password which it needs and I'm assuming once it's provided, keychain will update itself with the new password.

But at no stage did this process prompt for the user to create a new password of their own. :(



Of course, all this can be done from System Preferences - User & Groups if you have an Admin account.

Second idea, change their password to something horrid or offensive, then they might change it of their own accord :)

rm -rf /*
May 18, 2012, 07:45 AM
Ok, maybe this isn't such a good idea.

I created a test account on my OS X Lion machine with the password test.
Logged in and made sure it was ok and then logged out.

Then I used the passwd command from my main account on user test and logged back into it.
The password change worked but then Keychain had a problem, you're greeted with a dialog saying -

The System was unable to unlock your login keychain.
Would you like to update the password, create a new keychain or continue the login?

Update Keychain Password is the default and if selected prompts for the keychain password, remember though that this is the old password which it needs and I'm assuming once it's provided, keychain will update itself with the new password.

But at no stage did this process prompt for the user to create a new password of their own. :(



Of course, all this can be done from System Preferences - User & Groups if you have an Admin account.

Second idea, change their password to something horrid or offensive, then they might change it of their own accord :)


Thanks for taking a look. I came up with a lot of the same ways to change a password the *nix way, which does not change the keychain pw (same thing happens with GUI).

Yet another way I found to change the password CLI was "sudo dscl localhost -password here /Search/Users/test"

Honestly, there really was no functional necessity to force a password reset in Lion, I was just trying to see if I could get it to work, as it's a server feature, so I assumed there was a CLI way to do it, too!

AndyMoore
May 18, 2012, 10:02 AM
Ah, see, now if I'd have taken more notice of your username then I'd have realised you probably knew all that already :o