KerbMinder updated to v1.3

This release brings some significant changes (besides the slick new logo) thanks to a new collaborator, Francois Levaux. All of the original functionality is there, but he made the code much better (you should care about such things!) while adding a killer new feature.

With this release, KerbMinder no longer requires the Mac to be bound to Active Directory. On an unbound Mac, KerbMinder will prompt users for their username and domain information and use it to retrieve a kerberos ticket from the domain.

You can download v1.3 here.

ADPassMon updated to v2.20.10

Download the new version here.

This release fixes a bug that caused the preferences window to appear every time ADPassMon was launched (unless you had prefsLocked enabled). The preferences window is only supposed to appear the first time you launch ADPassMon when preferences aren’t locked.

ADPassMon updated to v2.20.9

Download v2.20.9 here at github.

This release addresses Issue #20. It also fixes a bug that prevented ADPassMon from being added to the Accessibility security list in El Capitan (OS 10.11).

While starting, ADPassMon now checks whether the current user account is local. If it is local, by default it will halt all further processes, but will otherwise stay loaded (using minimal resources). This is by design since some environments launch ADPassMon via a KeepAlive LaunchAgent which would just keep launching it if it were to quit.

You may wish to override this default behavior for a local account — for example, if you have a local account on a bound computer with the same name as your AD account and you want to see your password expiration info. To do this, set the runIfLocal property to true to tell ADPassMon to run normally:

defaults write org.pmbuko.ADPassMon runIfLocal -bool true

ADPassMon updated to v1.11.4

Download the latest release on GitHub.

New feature:

This version introduces a user-configurable check interval. You can adjust the check interval anywhere from 1 to 24 hours.

Bug fixes:

ADPassMon is designed to poll AD for password expiration info immediately upon launch, 15 seconds after the computer wakes from sleep, and/or every x hours as determined by the check interval. Blog commenter Andy May let me know that the automatic expiration check was not working properly. This release fixes that bug.

ADPassMon updated to v1.11.1

Alas, v1.11.0 was short-lived. (Is this what the call continuous delivery?) Fixing the accessibility test in the previous release revealed a bug in the accessibility test — thanks to Jason Bush for pointing it out — where ADPassMon asks to be allowed to control the GUI even if it has already been given permission to do so.

This version makes the test more robust, and also adds an accTest preference item. Setting this to ‘0’ manually will disable the accessibility test, e.g.

defaults write org.pmbuko.ADPassMon accTest 0

If you are packaging this app for deployment in your environment, you can add the above command to a post-install script.

Download the latest build here

ADPassMon v1.11.0 pre-release — please test

This pre-release contains a few significant changes, so I need your help testing it to make sure I haven’t inadvertently broken anything…

I have significantly changed how ADPassMon gets password expiration values. With Windows Server 2008, MS introduced Fine Grained Password Policy, which could potentially make it difficult to determine the expiration date of passwords, so the exact date of account password expirations is computed and stored in a property called msDS-UserPasswordExpiryTimeComputed that you can retrieve in OS X with a simple dscl lookup. Since this may not work in all environments, ADPassMon will fall back to the old method of looking up the information if the new method fails. Manual mode, where you enter the password expiration days, is still an option.

I’ve also added a connectivity check that will disable the Change Password and Refresh Kerberos Ticket menu items if the domain cannot be reached.

Lastly, in addition to a few cosmetic changes, I have added a note to the preferences dialog box that instructs you to hit the Enter key if you change any of the text field values.

Download the pre-release here, and please let me know how this version works for you by either commenting here or at github.

UPDATE: Link now points to the b2 release which adds a 15-second delay upon computer wake before ADPassMon runs its checks.

ADPassMon updated to 1.10.3

This release fixes a long-standing assumption (bug??). Until now, ADPassMon has assumed that your Mac’s primary DNS server is also an Active Directory server that can answer LDAP queries. With this release, AD LDAP server information is retrieved using the ‘dsconfigad’ and ‘dig’ commands. Specifically, the AD domain is retrieved using this command

dsconfigad -show | awk '/Active Directory Domain/{print $NF}'

and the output of this command is used in the following dig command

dig -t srv _ldap._tcp.DOMAIN | /usr/bin/awk '/^_ldap/{print $NF}'

Also new with this release:

I will now be hosting ADPassMon releases on GitHub instead of Dropbox. Please visit my ADPassMon releases page to download version 1.10.3.

ADPassMon updated to 1.10.2

This is a minor update that fixes a bug reported by Marc in a blog comment. ADPassMon should now be able to handle usernames with spaces in them.

Download version 1.10.2 here.

Announcing ADPassMon v1.10.0

Major changes:

• Added “Use KerbMinder” menu item so user can control whether it runs. The menu item is only visible if KerbMinder is installed.

Minor changes:

• Fixed a first run bug that prevented ADPassMon from saving the password set date to its plist

Download ADPassMon v1.10.0 here.

Announcing KerbMinder

KerbMinder is a tool for Mac OS X that keeps a logged-in user’s Kerberos ticket current by attempting to renew or refresh it automatically any time the network state changes. It only presents a UI if it needs the user to supply a password.

Please visit my KerbMinder info page or my KerbMinder github repo to learn more about it and how it works.