
Use a master password on 'managed' machines System
If you set a master password on OSX 10.3.x, it will allow you to reset any user's password without booting from the Install Disk -- this is particularly useful in a lab environment, or with users who are likely to forget their passwords on a regular basis.

You don't have to have FileVault turned on to enable a master password; just go into System Preferences -> Security and set the master password there. To reset a password without booting from the Install Disk, simply enter the user's password incorrectly three times at the login screen. You will be asked if you want to reset the password for this user. Enter the master password when prompted, and proceed to reset the user's password.

Saves a good 10 minutes over booting from the Install Disk!

[robg adds: Obviously, as an admin, you can simply change users' passwords from the Accounts panel. However, I think most labs will not leave their admin accounts logged in, so you'd have to first login, then open System Prefs, etc. The method described above will definitely be easier if you've got a non-logged-in machine and a user saying "I forgot my password." Repeat that 50 times a day, and I can see how this could be a huge timesaver!]

Use a master password on 'managed' machines
Authored by: edoriv on Sep 01, '04 12:04:45PM

or a rather simple solution would be to use the terminal...
open terminal type the following

quick explanation (read further for details if you need them)

sudo passwd [insert short user name of account to change password for]





for those that need a little more info read on

sudo passwd [insert short user name to change here]
(RETURN KEY)
you will be prompted for an admin password (one that is the main user with admin privs) you will blind type your password (won't see it on the command line)

you will next see the following

Changing password for shared.
New password:
Retype new password:

after you retype the new password the password will have been reset to the new password.



Even for non admin users?...
Authored by: nicola on Sep 01, '04 01:35:00PM

That is: what if the current user is not a 'sudoer'?
AFAIK, to do what you say you must be currently logged in as an administrator, and that's just what the hint is about: avoid that...

Or am I missing the point? Sorry if so.



Even for non admin users?...
Authored by: edoriv on Sep 02, '04 07:22:38PM

you can always assume the role of any other user

su [admin user name] (RETURN KEY)
it will ask for that user's password

now you are running as an admin in the terminal now you can do anything you need...

no matter what even with the hint given you MUST know some MASTER password... the master password setting still won't work unless you know the master password... wouldn't knowing that master password be equivalent of having admin-ship??? I wouldn't give the system master password to anyone I wouldn't give an admin account to.

also the hint was providing a way to change passwords without having to log out and in to an admin account... I gave the same thing only in a terminal version...

one more advantage to my way is you don't have to be local to the machine to do the password reset... simply run a telnet or ssh session and you could do it from any place as long as you have network access.

cheers



Use a master password on 'managed' machines
Authored by: Detrius on Sep 01, '04 06:14:02PM

I really hate to be rude, but why (in a large environment where different users have different passwords) would you NOT be running OS X Server and Open Directory to manage user accounts?

Besides, if each machine individually has the master password set, changing the password would be far more of a pain than resetting one user password.



Use a master password on 'managed' machines
Authored by: LoonyPandora on Sep 01, '04 08:14:13PM

Don't worry, it wasn't rude.

In an ideal world, of course you would be using OSX Server, and Open Directory, managed user accounts, networked home directories, maybe even NetBoot - but this is not an ideal world ;-) - Many companies refuse to invest that heavily in IT, or have PC IT departments that "Will not have a Mac Server..."

In situations like this, it is great to have one master password set on ALL machines, so the main IT person can reset any password without having to know the user's admin password (which they will invariably forget)



Use a master password on 'managed' machines
Authored by: babbage on Sep 10, '04 01:36:57AM

So then centralize account management on a central Linux machine running NIS and other Free software, and it can all be done for the price of one cheapo PC and a little bit of time with the documentation.

OSX Server is nice, but you can run most of the same services it provides on a Free (beer, speech) operating system for not a whole lot more effort.

Failing that, you can just designate one of your OSX Client machines as The Boss, and have it push around login information via something as simple as ssh logins and Bourne shell scripts using the ni* and dscl commands. If you want to be fancy you can do this with Apple Remote Desktop, but if your budget doesn't allow that then, again, all of these things can be done with Free software that came with your Mac.

Setting the master password this way -- for this reason -- seems like a disaster waiting to happen. What happens if the only person that knows the password forgets it, or leaves the job? Each machine will need to be rebuilt if it comes to that. It doesn't have to be that way...

---
--
DO NOT LEAVE IT IS NOT REAL


