Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

dstreb

macrumors newbie
Original poster
Nov 24, 2022
18
0
Fitchburg MA
I recently wiped my fusion drive Mac and installed Ventura. When I did it, I made a standard account with a simple password that I need to change. We are a library, so it has to be simple so that patrons can remember it on the way from the front desk to the computer. When I try to change the password to another simple password, it won't let me! Where are the password rules contained? How do I change them to allow simple passwords on a standard account?
 
I ran the following command in the terminal:
staff@Fitchburgs-iMac ~ % pwpolicy -clearaccountpolicies


Password for authenticator staff:


Clearing global account policies


staff@Fitchburgs-iMac ~ %

That did not work. But it must be something similar! (What DID I do when I ran that command?)
 
pwpolicy -clearaccountpolicies
What DID I do when I ran that command?)
From the manual (man pwpolicy In Terminal)
"-clearaccountpolicies Removes all of the account policies for the specified user. If no user is specified, removes the global account policies."
The only rule is to have 4 characters, you can set 1234 as password if you want.
 
I logged in to an admin account and cleared the account policies in a terminal window and it still didn't work! See below:

staff@Fitchburgs-iMac ~ % pwpolicy -u patron -clearaccountpolicies

Password for authenticator staff:


Clearing account policies for user <patron>


staff@Fitchburgs-iMac ~ %

After this ran, I went to users and groups in system settings and tried to change the password in that account and it wouldn't let me! Something else is going on. Sorry if I'm being obtuse.
 
This is a stand-alone iMac in a Library with a dozen Window PCs. I never consciously set MDM/policies for this computer.
 
Does
Code:
pwpolicy -u patron -getpolicy
return anything?

What happens if you try to change the password from Terminal?
Code:
pwpolicy -u patron -setpassword newpassword

What does
Code:
pwpolicy getaccountpolicies
return?
 
staff@Fitchburgs-iMac ~ % pwpolicy -u patron -getpolicy


Getting policy for patron





staff@Fitchburgs-iMac ~ % pwpolicy -u patron -setpassword 1234


Setting password for patron


Password for authenticator staff:


Error: Operation was denied because the current credentials do not have the appropriate privileges.


staff@Fitchburgs-iMac ~ % su root


Password:


su: Sorry


staff@Fitchburgs-iMac ~ %

I'm logged in to an admin account, I thought. Is root the right superuser name? What would its password be? None of the passwords I've ever used on this machine work.
staff@Fitchburgs-iMac ~ % pwpolicy -u patron -getpolicy


Getting policy for patron





staff@Fitchburgs-iMac ~ % pwpolicy -u patron -setpassword 1234


Setting password for patron


Password for authenticator staff:


Error: Operation was denied because the current credentials do not have the appropriate privileges.


staff@Fitchburgs-iMac ~ % su root


Password:


su: Sorry


staff@Fitchburgs-iMac ~ %
 
% pwpolicy -getaccountpolicies


Getting global account policies


<?xml version="1.0" encoding="UTF-8"?>


<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">


<plist version="1.0">


<dict>


<key>policyCategoryPasswordContent</key>


<array>


<dict>


<key>policyContent</key>


<string>policyAttributePassword matches '^$|.{4,}+'</string>


<key>policyContentDescription</key>


<dict>


<key>ar</key>


<string>أدخل كلمة سر لا تقل عن أربعة أحرف أو رموز، أو اترك حقل كلمة السر فارغًا.</string>


<key>ca</key>


<string>Introdueix una contrasenya que tingui quatre caràcters o més, o deixa el camp de la contrasenya en blanc.</string>


<key>cs</key>


<string>Zadejte heslo o minimální délce čtyři znaky nebo nechte pole hesla prázdné.</string>


<key>da</key>


<string>Skriv en adgangskode på mindst fire tegn, eller lad adgangskodefeltet være tomt.</string>


<key>de</key>


<string>Gib ein Passwort ein, das aus mindestens vier Zeichen besteht, oder lass das Passwortfeld leer.</string>


<key>el</key>


<string>Εισαγάγετε ένα συνθηματικό που να αποτελείται από τέσσερις ή περισσότερους χαρακτήρες, ή αφήστε το πεδίο του συνθηματικού κενό.</string>


<key>en</key>


<string>Enter a password that is four characters or more or leave the password field blank.</string>


<key>en_AU</key>


<string>Enter a password that is four characters or more or leave the password field blank.</string>


<key>en_GB</key>


<string>Enter a password that is four characters or more or leave the password field blank.</string>
 
So it looks like the policy change worked, but I lack the proper authentication to change the password. How do I fix that?
 
That works fine
Last login: Mon Dec 12 12:02:52 on ttys000


staff@Fitchburgs-iMac ~ % su patron

Password:

patron@Fitchburgs-iMac staff % exit

Saving session...

...copying shared history...

...saving history...truncating history files...

...completed.

Deleting expired sessions...none found.

staff@Fitchburgs-iMac ~ % who am i

staff ttys000 Dec 12 12:20


staff@Fitchburgs-iMac ~ %
 
That link is for a ssh session if you don't have physical access to the Mac. I don't understand the relevance.
 
OK, I tried that approach, and got an error message because I don't have root access, even though I'm logged in as admin. See below terminal window paste:
staff@Fitchburgs-iMac ~ % sysadminctl -addUser tempadmin -fullName "Temporary Admin Account" -password "temppass"

2022-12-12 13:04:08.754 sysadminctl[1122:29990] sysadminctl should be run as root, or in interactive mode! (Error Domain=NSOSStatusErrorDomain Code=-60007 "errAuthorizationInteractionNotAllowed: The authorization was denied since no user interaction was possible. ")

staff@Fitchburgs-iMac ~ %
 
Run
sudo sysadminctl -addUser tempadmin -fullName "Temporary Admin Account" -password "temppass"

In System Settings, neither staff nor patron appear as admin?
 
I ran that command and it failed. Staff appears as admin in users&groups, and I’m logged in as staff.
 
Also, how can I make sure that my Fusion Drive is being recognized? Should it show up as a separate drive is disk utility?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.