Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: Reset a user's password in single user mode System 10.5
We needed to reset the password on a Leopard system, but we didn't have the OS X install DVD available. After a few minutes of playing around, I came up with this solution:
  1. Boot into single user mode (press Command-S at power on)
  2. Type fsck -fy
  3. Type mount -uw /
  4. Type launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
  5. Type dscl . -passwd /Users/username password, replacing username with the targeted user and password with the desired password.
  6. Reboot
This allows you to reset the password in single user mode without booting from the install media.

[robg adds: For everyone about to comment about this massive security hole, please don't do so. We ran a similar hint at the time of the OS X 10.0 release, and you can read the comments there for some of the give and take on the security issue. The bottom line is that someone with physical access has full access to your machine, regardless of whether or not they happened to bring a boot DVD with them. If you're truly worried about such things, then you'll want to use a combination of File Vault, a firmware password, and a case lock to minimize the chances that your machine is accessed.]
    •    
  • Currently 3.21 / 5
  You rated: 4 / 5 (33 votes cast)
 
[216,406 views]  

10.5: Reset a user's password in single user mode | 13 comments | Create New Account
Click here to return to the '10.5: Reset a user's password in single user mode' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Reset a user's password in single user mode
Authored by: johnsawyercjs on Apr 23, '08 01:38:37PM
This looks like a shorter method than the similar one that Apple describes at

http://docs.info.apple.com/article.html?artnum=306840

..which has you first delete, then change, the old password.

[ Reply to This | # ]
10.5: Reset a user's password in single user mode
Authored by: lolopb on Apr 28, '08 06:50:02PM

Hmmm this article does only delete a part of a user's record, the AuthAuthority value, in fact. This article is useful if you have a user created in 10.2.x and migrated in 10.5.

Beginning with 10.3, Apple changed the way passwords are stored for more security. Before 10.3, passwords were stored in the NetInfo database, in the users entries, using the unsecure crypt hash. Starting with 10.3, passwords are using stronger hashes (SHA-1 and beginning with 10.4 a Salted-SHA1) and they are no longer stored in the users entries but in /private/var/db/shadow/hash, in a file which is named with each user's GeneratedUID (not the old unix UID, be careful). This folder is only accessible to root and the AuthAuthority attribute tells the system which kind of password you have.

So, if your user was created before 10.3 and you have migrated it, you may want to do what this KB article explains.



[ Reply to This | # ]
10.5: Reset a user's password in single user mode
Authored by: alittleknowledge on Apr 23, '08 01:49:59PM

The dscl command portion of this hint will work in 10.4 - I just used it to remotely reset admin passwords on several machines via ARD.

Thanks!!!

---
0==



[ Reply to This | # ]
10.5: Reset a user's password in single user mode
Authored by: allanmarcus on Apr 23, '08 04:14:55PM

Once you mount the file system, can't you just use passwd <username> ?

Of course neither method will change the user's login keychain password.




[ Reply to This | # ]
10.5: Reset a user's password in single user mode
Authored by: timhaigh on Apr 24, '08 02:40:20AM

Yep, There is no backdoor into the keychain.



[ Reply to This | # ]
10.5: Reset a user's password in single user mode
Authored by: pbn on Apr 24, '08 03:59:51AM
Hi there, I don't think passwd would change the password. The passwd command will change the password in /etc/passwd. But Mac OS X doesn't rely on /etc/passwd for passwords, it relies on Directory Service and you have to use the dscl commande to change things in Directory Service.

[ Reply to This | # ]
10.5: Reset a user's password in single user mode
Authored by: kholburn on Apr 26, '08 09:35:42AM

passwd will change the user's password in whatever way the system has been set up. Unix systems don't all use /etc/passwd, actually most standalone systems use /etc/shadow not /etc/passwd. Most networked systems use ldap or kerberos or even opendirectory. If passwd has been tailored correctly to the mac it should change the user's password correctly. Maybe not the keychain access password though.

N.B. I haven't tried using passwd in 10.5.



[ Reply to This | # ]
Confirmed: passwd works in 10.5
Authored by: ilikeimac on Jun 17, '09 07:44:15PM

I did just the following after rebooting to single user mode in 10.5 and it worked:

/sbin/mount -uw /
passwd username
After the next reboot my machine didn't automatically login, even though it is configured to do so, and it prompted me for the keychain password in order join my wireless network, but it did honor the new password and it sounds like you can subsequently reset the password in System Preferences to change the keychain password.

[ Reply to This | # ]
10.5: Reset a user's password in single user mode
Authored by: bolah1313 on Apr 25, '08 07:51:35AM

You don't have to worry about the Keychain password. Once you change the user's password and can log into the computer all need to do is simply go into the Accounts preference pane and change the password there to either the new password or something different if you so choose. That action will then automatically change the Keychain Password. I've done this several hundred times on Macs from 10.0 through 10.4.11 I haven't yet had to change a password on a Leopard box but I'm sure it will work just the same.

---
Tino XIII



[ Reply to This | # ]
10.5: Reset a user's password in single user mode
Authored by: Mr. H on Jan 06, '11 07:33:30AM

Unfortunately, this doesn't seem to work with 10.5. I just did this and now can't access the login keychain (OS 10.5.6). Unfortunately, I don't think there's any way around this.

Edited on Jan 06, '11 08:25:59AM by Mr. H



[ Reply to This | # ]
You can lock down Single User mode quite easily
Authored by: rodneyweston on Apr 24, '08 05:47:55AM

Aside from Open Firmware/EFI passwords, you can configure your Mac so that the root password must be entered in order to access Single User Mode. If your root account is disabled, then it is impossible to enter the root password, and Single User Mode cannot be started.

To do this, the console and ttys must be marked as insecure in /etc/ttys:

1. Log in as administrator
2. Open Terminal
3. cd /etc
4. sudo cp ttys ttys.old (backs up previous ttys config).
5. sudo pico ttys
6. Replace all occurrences of the word "secure" with "insecure" at any lines that do not begin with a "#"
7. Exit, saving changes.

These instructions are from the Apple Mac OS X Security Configuration manual.



[ Reply to This | # ]
You can lock down Single User mode quite easily
Authored by: nussbash on Jan 03, '10 07:04:36PM

This procedure works except that the password for login.keychain remains lost. What will reset that? Thanks!



[ Reply to This | # ]
10.5: Reset a user's password in single user mode
Authored by: haveaname on Jun 19, '10 01:38:43PM
Check this useful guide Reset mac password without disk

[ Reply to This | # ]