Extension attribute for login mechanism enforcement

_aDiedericks
Contributor

Hi there,

Does anyone know of an extension attribute or a way to reference devices' currently set login mechanism? This is to run authchanger policies whenever Jamf Connect isn't the set login mechanism, i.e. after macOS upgrades and every other state we've not yet encountered but that could potentially revert the login mechanism back to the macOS default.

3 REPLIES

_aDiedericks
Contributor

I've found a script that does the check. Technically you could add the authchanger command to run if the statement is false and create a policy to run at every login/startup.

Coming from - https://github.com/sean-rabbitt/jamf-extension-attributes/blob/master/Is%20Jamf%20Connect%20login%20... 

#!/bin/bash

# Is Jamf Connect login window enabled

# grep -q prints nothing, so only the exit status (0 = found) is captured
loginwindow_check=$(security authorizationdb read system.login.console 2>/dev/null | grep -q 'JamfConnectLogin:Initialize'; echo $?)

if [ "$loginwindow_check" -eq 0 ]; then
	echo "<result>TRUE</result>"
else
	echo "<result>FALSE</result>"
fi

Tribruin
Valued Contributor II

Similar to above, but use authchanger:

#!/bin/bash

# Extension Attribute to determine if Jamf Connect Login is enabled on system

if [[ -e /usr/local/bin/authchanger ]]; then

	# Uses authchanger to check if any JamfConnectLogin mechs are enabled
	if [[ $( /usr/local/bin/authchanger -print | grep JamfConnectLogin ) != "" ]]; then
		/bin/echo "<result>Enabled</result>"
	else
		/bin/echo "<result>Disabled</result>"
	fi
else
	# Authchanger not installed
	/bin/echo "<result>No Jamf Connect</result>"
fi
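
The check from the two replies above combined with the remediation step, as an added example that is not part of either reply: it looks only at the entries of the `mechanisms` array and reports `Unknown`, not a negative result, when the read returns nothing, so a failed read never triggers authchanger. The sample plists are constructed, and the `-reset -jamfconnect` arguments are an assumption about the deployment.

```shell
#!/bin/bash
# Added example, not from the thread. The sample plists below are constructed.

# Print each entry of the "mechanisms" array from plist XML on stdin.
list_mechanisms() {
    sed -n '/<key>mechanisms<\/key>/,/<\/array>/s/.*<string>\(.*\)<\/string>.*/\1/p'
}

# Classify plist XML on stdin as Enabled, Disabled or Unknown.
login_state() {
    mechs=$(list_mechanisms)
    if [ -z "$mechs" ]; then
        echo "Unknown"    # read failed or no mechanisms array: do not remediate
    elif printf '%s\n' "$mechs" | grep -q '^JamfConnectLogin:'; then
        echo "Enabled"
    else
        echo "Disabled"   # e.g. reverted to the macOS default loginwindow:login
    fi
}

# Constructed sample: stock mechanisms; "JamfConnectLogin" appears only in the
# comment string, which a grep over the whole output would count as a match.
SAMPLE_DEFAULT='<dict>
<key>comment</key>
<string>JamfConnectLogin rule replaced during upgrade (constructed)</string>
<key>mechanisms</key>
<array>
<string>builtin:policy-banner</string>
<string>loginwindow:login</string>
</array>
</dict>'
# Constructed sample: the same rule with a Jamf Connect mechanism in the array.
SAMPLE_JAMF=$(printf '%s\n' "$SAMPLE_DEFAULT" |
    sed 's/loginwindow:login/JamfConnectLogin:Initialize/')

if command -v security >/dev/null 2>&1; then
    state=$(security authorizationdb read system.login.console 2>/dev/null | login_state)
else
    state=$(printf '%s\n' "$SAMPLE_DEFAULT" | login_state)  # off macOS: use the sample
fi
echo "Jamf Connect login window: $state"

# Remediate only on a confirmed Disabled state. The arguments are an assumption:
# use the authchanger arguments your deployment normally applies.
if [ "$state" = "Disabled" ] && [ -x /usr/local/bin/authchanger ]; then
    /usr/local/bin/authchanger -reset -jamfconnect
fi
```

Run as a policy at login or startup, this needs root for the authchanger call; the classification functions alone can back an extension attribute.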

shannon_pasto
Contributor

Look into the com.jamf.connect.login key DisableUpdateWatcher