This release brings some significant changes (besides the slick new logo) thanks to a new collaborator, Francois Levaux. All of the original functionality is there, but he made the code much better (you should care about such things!) while adding a killer new feature.
With this release, KerbMinder no longer requires the Mac to be bound to Active Directory. On an unbound Mac, KerbMinder will prompt users for their username and domain information and use it to retrieve a kerberos ticket from the domain.
You can download v1.3 here.
Download the new version here.
This release fixes a bug that caused the preferences window to appear every time ADPassMon was launched (unless you had
prefsLocked enabled). The preferences window is only supposed to appear the first time you launch ADPassMon when preferences aren’t locked.
Download v2.20.9 here at github.
This release addresses Issue #20. It also fixes a bug that prevented ADPassMon from being added to the Accessibility security list in El Capitan (OS 10.11).
While starting, ADPassMon now checks whether the current user account is local. If it is local, by default it will halt all further processes, but will otherwise stay loaded (using minimal resources). This is by design since some environments launch ADPassMon via a KeepAlive LaunchAgent which would just keep launching it if it were to quit.
You may wish to override this default behavior for a local account — for example, if you have a local account on a bound computer with the same name as your AD account and you want to see your password expiration info. To do this, set the
runIfLocal property to true to tell ADPassMon to run normally:
defaults write org.pmbuko.ADPassMon runIfLocal -bool true
I’ve neglected to post about the last few updates, but we are now at version 2.20.7.
There have been no major changes since my last announcement, but a few bugs have been fixed.
- General spiffing: Removed pre 10.8 code, polished other code, cleaned up comments, user feedback, and logging.
- If password does not expire, the Re-check Expiration menu item and the Test Settings button in the prefs window are disabled. This prevents an expiration days count (typically a very large number) from being displayed.
- Resolved an issue where the Create New Keychain button was not showing in the password dialog.
- Resolved an issue where changing the expiration check interval did not take effect.
- Resolved an issue where a “missing value” dialog box would appear when trying to change your password.
But first, some history. In April of 2014, Ben Toms (aka macmule), released his fork of ADPassMon to the world. It has three main features that differentiate it from mine:
- Where my version relies on the native OS change password dialog box, Ben’s fork gives you the option of changing passwords using a dialog box provided by ADPassMon. One of the main advantages here is that you can customize the text displayed in the password window and tailor it to your environment. If your organization uses a web-based password changing service, Ben’s fork can even take users to that site.
- Ben’s fork can verify that the user’s login keychain password is correctly synced with their login password, and prompt to fix it when it is not. This is a big deal, as out-of-sync keychain passwords are a hassle for many Mac admins to deal with.
- The interval between AD password checks is user-configurable in Ben’s fork. My version used a fixed 12-hour interval.
Since the time of the great forking, Ben and I have both worked independently on our code, adding changes and fixing bugs here and there, so there has been a bit of drift and duplication of effort in the last year. After a fair bit of discussion and some false starts, we finally pooled our resources and have reunited our code into a single project.
So, without further ado…
In addition to the features listed above, this release brings the following:
- Notification alerts now include a Change button, which takes you directly to your selected change password method.
- Even though it was listed as a feature, “offline functionality” didn’t work correctly until now. The menu item now will now update to show the correct number of days remaining even if your computer has been away from the work network for a while.
Going forward, ADPassMon’s source code, releases, and documentation will be maintained and updated at https://github.com/macmule/ADPassMon/.
Since this is a big change for both forks, we’re still in pre-release mode. Please download and test the app and share your feedback. If you discover any issues, or have feature requests, we ask you to please let us know by submitting them to the github project.
This version incorporates fixes submitted via github that remedy the following issues:
- When the kerberos principal’s realm and the AD directory domain that the computer is bound to do not match, KerbMinder was unable to properly renew the ticket. E.g. the kerberos principal can be FOO.EXAMPLE.COM while the AD domain can be EXAMPLE.COM. KerbMinder would try to use a realm matching the domain. This is not always a correct assumption.
- The postinstall script for the .pkg installer contained two typos that caused the script to run incorrectly.
Thank you to Francois Levaux-Tiffreau and Noel B. A. both for your pull requests.
Download the v1.2 release here.
Download the latest release on GitHub.
This version introduces a user-configurable check interval. You can adjust the check interval anywhere from 1 to 24 hours.
ADPassMon is designed to poll AD for password expiration info immediately upon launch, 15 seconds after the computer wakes from sleep, and/or every x hours as determined by the check interval. Blog commenter Andy May let me know that the automatic expiration check was not working properly. This release fixes that bug.
Hot on the heels of v1.11.2, this release addresses two issues:
- Fixed an annoying bug where the Use Notifications checkbox in the Preferences window, and both the Enable Notifications and Enable KerbMinder menu items would not change state the first time they are selected.
- Added a log entry for when ADPassMon triggers a Notification Center alert to help troubleshoot an issue where notifications were not being spawned.
Download this release from GitHub.
This release includes the following changes/fixes:
- New icon with high-resolution (Retina) equivalents.
- Removed square brackets from the status menu display. Where previously “[31d]” would be shown, now “31d” will be shown.
- Improved first-run logic to fix an issue where some users were being shown the Preferences window each time ADPassMon launched.
Download this release from GitHub.
Alas, v1.11.0 was short-lived. (Is this what the call continuous delivery?) Fixing the accessibility test in the previous release revealed a bug in the accessibility test — thanks to Jason Bush for pointing it out — where ADPassMon asks to be allowed to control the GUI even if it has already been given permission to do so.
This version makes the test more robust, and also adds an
accTest preference item. Setting this to ‘0’ manually will disable the accessibility test, e.g.
defaults write org.pmbuko.ADPassMon accTest 0
If you are packaging this app for deployment in your environment, you can add the above command to a post-install script.
Download the latest build here