ADPassMon updated to v1.11.4

Download the latest release on GitHub.

New feature:

This version introduces a user-configurable check interval. You can adjust the check interval anywhere from 1 to 24 hours.


Bug fixes:

ADPassMon is designed to poll AD for password expiration info immediately upon launch, 15 seconds after the computer wakes from sleep, and/or every x hours as determined by the check interval. Blog commenter Andy May let me know that the automatic expiration check was not working properly. This release fixes that bug.

3 thoughts on “ADPassMon updated to v1.11.4

  1. Hi Peter

    I’m seeing a few cases where the Mac can reach LDAP and does not have a kerberos ticket but the application does not prompt to create or refresh the ticket. The console logs show “ADPassMonAppDelegate applicationWillFinishLaunching:]: No user interaction allowed” i’ve also had a few instances where i click the change password menu item and nothing happens, this also generates a similar “No User interaction” message

    I have a LaunchAgent keeping the application alive and a script to load the LaunchAgent if not loaded,
    do you think this could be related ?

    #Load LaunchAgent as logged in user
    loggedInUser=$( stat -f%Su /dev/console )
    loggedInPID=$( ps -axj | awk “/^$loggedInUser/ && / {print \$2;exit}” )
    (/bin/launchctl bsexec “${loggedInPID}” sudo -iu “${loggedInUser}” “launchctl load /Library/LaunchAgents/local.adpassmon.job.plist”)

    or possibly the permissions are wrong ?

    i packaged the application with JAMF Composer, i see that the majority of items have
    drwxr-xr-x 7 root admin 238 Aug 24 14:27 Contents
    but ADPassMonAppDelegate.scpt does not have execute for root or admin
    -rw-r–r– 1 root admin 51448 Aug 24 14:27 ADPassMonAppDelegate.scpt

    Console logs
    9/2/15 12:01:48.084 PM ADPassMon[17144] Running on OS 10.9.x
    9/2/15 12:01:48.085 PM ADPassMon[17144] Testing Universal Access settings…
    9/2/15 12:01:48.085 PM ADPassMon[17144] Enabled
    9/2/15 12:01:48.148 PM ADPassMon[17144] Testing if password can expire…
    9/2/15 12:01:48.190 PM ADPassMon[17144] Password does expire.
    9/2/15 12:01:48.190 PM ADPassMon[17144] Testing for Kerberos ticket presence…
    9/2/15 12:01:48.208 PM ADPassMon[17144] No ticket found
    9/2/15 12:01:48.214 PM ADPassMon[17144] *** -[ADPassMonAppDelegate applicationWillFinishLaunching:]: No user interaction allowed. (error -1713)
    9/2/15 12:01:57.453 PM[310] (local.keepAlive.ADPassMon) Throttling respawn: Will start in 1 seconds
    9/2/15 12:01:58.590 PM ADPassMon[17158] Performance: Please update this scripting addition to supply a value for ThreadSafe for each event handler: “/Library/ScriptingAdditions/WebexScriptAddition.osax”
    9/2/15 12:01:58.671 PM ADPassMon[17158] Running on OS 10.9.x
    9/2/15 12:01:58.671 PM ADPassMon[17158] Testing Universal Access settings…
    9/2/15 12:01:58.672 PM ADPassMon[17158] Enabled
    9/2/15 12:01:58.737 PM ADPassMon[17158] Testing if password can expire…
    9/2/15 12:01:58.764 PM ADPassMon[17158] Password does expire.
    9/2/15 12:01:58.764 PM ADPassMon[17158] Testing for Kerberos ticket presence…
    9/2/15 12:01:58.772 PM ADPassMon[17158] No ticket found
    9/2/15 12:01:58.778 PM ADPassMon[17158] *** -[ADPassMonAppDelegate applicationWillFinishLaunching:]: No user interaction allowed. (error -1713)

    Many thanks!,

    • I think this must be related to the LaunchAgent. Can you check to see which user owns the ADPassMon process on the affected computers? The “No user interaction allowed” error makes me think the process is owned by a process that’s not on /dev/console. Also, the permissions on the ADPassMonAppDelegate.scpt file are fine. It’s not an executable script.

  2. Thanks Peter,
    Good to know the permissions are correct, i just checked in Activity Monitor and the ADPassMon process is running with my name by it, i’ll see if i can find any more info on this.

Comments are closed.