jamf Connect - delete kerberos tickets

BookMac
Contributor

Hello folks,
we have adjusted the configuration of jamf connect. Since we don't need the Kerberos option, we've removed it. Now we have some MacBooks that still show when the password is about to expire. How can I remove this ad on the clients?

I've tried kdestroy -a, unscope and scope the config again for a test mac. Remove jamf connect und reinstalled the app. Restart, change networkconnection.

2021-12-09_15h57_09.png

Regards BookMac

6 REPLIES 6

junjishimazaki
Valued Contributor

Hi, the password expiration countdown is a configuration key in your Jamf Connect config setting which has nothing to do with kerberos. It's just a countdown which it syncs to your IDP. Look for this key <key>ExpirationNotificationStartDay</key>

I'm curious why you want to remove this option? Don't you want your users to know when their password is about to expire?

Hey,

we dont have the key in our configuration. In the past we have used kerberos with this keys:

<key>Kerberos</key>
	<dict>
		<key>AutoRenewTickets</key>
		<true/>
		<key>Realm</key>
		<string>domain.local</string>

That's why we had this expiration countdown in the past. The new macbooks with the "new" config don't get the expiration countdown but all existing macbooks who had the old config still get the info.

BookMac
Contributor

We have another user with this:

Bildschirmfoto 2022-01-04 um 13.54.29.png

As i sad we have changed our config and deleted the Kerberos Part. But some Clients thinks Kerberos is still active. So we have some users, which get this because their password expires after 90 days. They can change it with jamf connect but the timer still goes on. 😞

 

BookMac
Contributor

defaults delete com.jamf.connect.state in terminal was the solution. after the command you need to quit jamf connect and it restarts without the expiration. how am i able to deploy it with a script for the users in jamf?

junjishimazaki
Valued Contributor

I have a script that accomplishes that

#!/bin/sh

#current logged in user

curUser="`stat -f%Su /dev/console`"

pkill "Jamf Connect"

# Removing state file
rm -rf /Users/$curUser/Library/Preferences/com.jamf.connect.state.plist

exit 0

BookMac
Contributor
#!/bin/sh



currentuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name πŸ˜• && ! /loginwindow/ { print $3 }')
echo $currentuser


sudo su - "$currentuser" -c "defaults delete com.jamf.connect.state.plist"

pkill "Jamf Connect"

exit 0

we've tried this and it looks good.