KerbMinder updated to v1.3


This release brings some significant changes (besides the slick new logo) thanks to a new collaborator, Francois Levaux. All of the original functionality is there, but he made the code much better (you should care about such things!) while adding a killer new feature.

With this release, KerbMinder no longer requires the Mac to be bound to Active Directory. On an unbound Mac, KerbMinder will prompt users for their username and domain information and use it to retrieve a kerberos ticket from the domain.

You can download v1.3 here.

ADPassMon updated to v2.20.7

I’ve neglected to post about the last few updates, but we are now at version 2.20.7.

There have been no major changes since my last announcement, but a few bugs have been fixed.

Change summary

  • General spiffing: Removed pre 10.8 code, polished other code, cleaned up comments, user feedback, and logging.
  • If password does not expire, the Re-check Expiration menu item and the Test Settings button in the prefs window are disabled. This prevents an expiration days count (typically a very large number) from being displayed.
  • Resolved an issue where the Create New Keychain button was not showing in the password dialog.
  • Resolved an issue where changing the expiration check interval did not take effect.
  • Resolved an issue where a “missing value” dialog box would appear when trying to change your password.

ADPassMon is “de-forking”

icon_forkBut first, some history. In April of 2014, Ben Toms (aka macmule), released his fork of ADPassMon to the world. It has three main features that differentiate it from mine:

  1. Where my version relies on the native OS change password dialog box, Ben’s fork gives you the option of changing passwords using a dialog box provided by ADPassMon. One of the main advantages here is that you can customize the text displayed in the password window and tailor it to your environment. If your organization uses a web-based password changing service, Ben’s fork can even take users to that site.
  2. Ben’s fork can verify that the user’s login keychain password is correctly synced with their login password, and prompt to fix it when it is not. This is a big deal, as out-of-sync keychain passwords are a hassle for many Mac admins to deal with.
  3. The interval between AD password checks is user-configurable in Ben’s fork. My version used a fixed 12-hour interval.

Since the time of the great forking, Ben and I have both worked independently on our code, adding changes and fixing bugs here and there, so there has been a bit of drift and duplication of effort in the last year. After a fair bit of discussion and some false starts, we finally pooled our resources and have reunited our code into a single project.

So, without further ado…

We’re proud to announce ADPassMon v2.20!

In addition to the features listed above, this release brings the following:

  • Notification alerts now include a Change button, which takes you directly to your selected change password method.
  • Even though it was listed as a feature, “offline functionality” didn’t work correctly until now. The menu item now will now update to show the correct number of days remaining even if your computer has been away from the work network for a while.

Going forward, ADPassMon’s source code, releases, and documentation will be maintained and updated at

Since this is a big change for both forks, we’re still in pre-release mode. Please download and test the app and share your feedback. If you discover any issues, or have feature requests, we ask you to please let us know by submitting them to the github project.

KerbMinder updated to v1.2

This version incorporates fixes submitted via github that remedy the following issues:

  • When the kerberos principal’s realm and the AD directory domain that the computer is bound to do not match, KerbMinder was unable to properly renew the ticket. E.g. the kerberos principal can be FOO.EXAMPLE.COM while the AD domain can be EXAMPLE.COM. KerbMinder would try to use a realm matching the domain. This is not always a correct assumption.
  • The postinstall script for the .pkg installer contained two typos that caused the script to run incorrectly.

Thank you to Francois Levaux-Tiffreau and Noel B. A. both for your pull requests.

Download the v1.2 release here.

ADPassMon updated to v1.11.4

Download the latest release on GitHub.

New feature:

This version introduces a user-configurable check interval. You can adjust the check interval anywhere from 1 to 24 hours.


Bug fixes:

ADPassMon is designed to poll AD for password expiration info immediately upon launch, 15 seconds after the computer wakes from sleep, and/or every x hours as determined by the check interval. Blog commenter Andy May let me know that the automatic expiration check was not working properly. This release fixes that bug.

ADPassMon updated to v1.11.3

Hot on the heels of v1.11.2, this release addresses two issues:

  • Fixed an annoying bug where the Use Notifications checkbox in the Preferences window, and both the Enable Notifications and Enable KerbMinder menu items would not change state the first time they are selected.
  • Added a log entry for when ADPassMon triggers a Notification Center alert to help troubleshoot an issue where notifications were not being spawned.

Download this release from GitHub.

ADPassMon updated to v1.11.1

Alas, v1.11.0 was short-lived. (Is this what the call continuous delivery?) Fixing the accessibility test in the previous release revealed a bug in the accessibility test — thanks to Jason Bush for pointing it out — where ADPassMon asks to be allowed to control the GUI even if it has already been given permission to do so.

This version makes the test more robust, and also adds an accTest preference item. Setting this to ‘0’ manually will disable the accessibility test, e.g.

defaults write org.pmbuko.ADPassMon accTest 0

If you are packaging this app for deployment in your environment, you can add the above command to a post-install script.

Download the latest build here