Download v2.20.8 here at github.
This release addresses Issue #20.
While starting, ADPassMon now checks whether the current user account is local. If it is local, by default it will halt all further processes, but will otherwise stay loaded (using minimal resources). This is by design since some environments launch ADPassMon via a KeepAlive LaunchAgent which would just keep launching it if it were to quit.
You may wish to override this default behavior for a local account — for example, if you have a local account on a bound computer with the same name as your AD account and you want to see your password expiration info. To do this, set the
runIfLocal property to true to tell ADPassMon to run normally:
defaults write org.pmbuko.ADPassMon runIfLocal -bool true
I’ve neglected to post about the last few updates, but we are now at version 2.20.7.
There have been no major changes since my last announcement, but a few bugs have been fixed.
- General spiffing: Removed pre 10.8 code, polished other code, cleaned up comments, user feedback, and logging.
- If password does not expire, the Re-check Expiration menu item and the Test Settings button in the prefs window are disabled. This prevents an expiration days count (typically a very large number) from being displayed.
- Resolved an issue where the Create New Keychain button was not showing in the password dialog.
- Resolved an issue where changing the expiration check interval did not take effect.
- Resolved an issue where a “missing value” dialog box would appear when trying to change your password.
But first, some history. In April of 2014, Ben Toms (aka macmule), released his fork of ADPassMon to the world. It has three main features that differentiate it from mine:
- Where my version relies on the native OS change password dialog box, Ben’s fork gives you the option of changing passwords using a dialog box provided by ADPassMon. One of the main advantages here is that you can customize the text displayed in the password window and tailor it to your environment. If your organization uses a web-based password changing service, Ben’s fork can even take users to that site.
- Ben’s fork can verify that the user’s login keychain password is correctly synced with their login password, and prompt to fix it when it is not. This is a big deal, as out-of-sync keychain passwords are a hassle for many Mac admins to deal with.
- The interval between AD password checks is user-configurable in Ben’s fork. My version used a fixed 12-hour interval.
Since the time of the great forking, Ben and I have both worked independently on our code, adding changes and fixing bugs here and there, so there has been a bit of drift and duplication of effort in the last year. After a fair bit of discussion and some false starts, we finally pooled our resources and have reunited our code into a single project.
So, without further ado…
In addition to the features listed above, this release brings the following:
- Notification alerts now include a Change button, which takes you directly to your selected change password method.
- Even though it was listed as a feature, “offline functionality” didn’t work correctly until now. The menu item now will now update to show the correct number of days remaining even if your computer has been away from the work network for a while.
Going forward, ADPassMon’s source code, releases, and documentation will be maintained and updated at https://github.com/macmule/ADPassMon/.
Since this is a big change for both forks, we’re still in pre-release mode. Please download and test the app and share your feedback. If you discover any issues, or have feature requests, we ask you to please let us know by submitting them to the github project.
This version incorporates fixes submitted via github that remedy the following issues:
- When the kerberos principal’s realm and the AD directory domain that the computer is bound to do not match, KerbMinder was unable to properly renew the ticket. E.g. the kerberos principal can be FOO.EXAMPLE.COM while the AD domain can be EXAMPLE.COM. KerbMinder would try to use a realm matching the domain. This is not always a correct assumption.
- The postinstall script for the .pkg installer contained two typos that caused the script to run incorrectly.
Thank you to Francois Levaux-Tiffreau and Noel B. A. both for your pull requests.
Download the v1.2 release here.
Download the latest release on GitHub.
This version introduces a user-configurable check interval. You can adjust the check interval anywhere from 1 to 24 hours.
ADPassMon is designed to poll AD for password expiration info immediately upon launch, 15 seconds after the computer wakes from sleep, and/or every x hours as determined by the check interval. Blog commenter Andy May let me know that the automatic expiration check was not working properly. This release fixes that bug.
Hot on the heels of v1.11.2, this release addresses two issues:
- Fixed an annoying bug where the Use Notifications checkbox in the Preferences window, and both the Enable Notifications and Enable KerbMinder menu items would not change state the first time they are selected.
- Added a log entry for when ADPassMon triggers a Notification Center alert to help troubleshoot an issue where notifications were not being spawned.
Download this release from GitHub.
This release includes the following changes/fixes:
- New icon with high-resolution (Retina) equivalents.
- Removed square brackets from the status menu display. Where previously “[31d]” would be shown, now “31d” will be shown.
- Improved first-run logic to fix an issue where some users were being shown the Preferences window each time ADPassMon launched.
Download this release from GitHub.
Alas, v1.11.0 was short-lived. (Is this what the call continuous delivery?) Fixing the accessibility test in the previous release revealed a bug in the accessibility test — thanks to Jason Bush for pointing it out — where ADPassMon asks to be allowed to control the GUI even if it has already been given permission to do so.
This version makes the test more robust, and also adds an
accTest preference item. Setting this to ‘0’ manually will disable the accessibility test, e.g.
defaults write org.pmbuko.ADPassMon accTest 0
If you are packaging this app for deployment in your environment, you can add the above command to a post-install script.
Download the latest build here
I have significantly changed how ADPassMon gets password expiration values. With Windows Server 2008, MS introduced Fine Grained Password Policy, which could potentially make it difficult to determine the expiration date of passwords, so the exact date of account password expirations is computed and stored in a property called
msDS-UserPasswordExpiryTimeComputed that you can retrieve in OS X with a simple dscl lookup. Since this may not work in all environments, ADPassMon will fall back to the old method of looking up the information if the new method fails. Manual mode, where you enter the password expiration days, is still an option.
Other bug fixes / new features:
- ADPassMon will wait 15 seconds after waking before running to allow network connection to be established.
- Fixed accessibility check routine that runs on startup to add ADPassMon to list of apps allowed to control the GUI. (This is used to bring up OS X’s Change Password dialog box.)
- Fixed Change Password GUI scripting bug by adding a 1 second delay to allow the GUI to update fully.
- Added a connectivity check that will disable the Change Password and Refresh Kerberos Ticket menu items if the domain cannot be reached.
- Added a note to the preferences dialog box that instructs you to hit the Enter key if you change any of the text field values.
Download the latest release here.
This release adds a check to the per-user KerbMinder.py script so it will only run for the current console user. This should avoid issues on computers where more than one user is logged in at a time.
Download KerbMinder v1.1 from GitHub.