yesterday
We’re using JAMF Connect to manage our logins for our school iMac lab, and we’re having a bit of an issue with students changing passwords. I understand that if their network login is changed, they are prompted to enter their most recent local password to sync them up. The trouble is, students typically only have their network password changed if they forget it, meaning they effectively become locked out of that particular iMac.
I was thinking that if I can detect which accounts have mismatched passwords, I could write a script to remove the local profile entirely, and allow the student to log in with their network password again. Does anyone know of a way to detect whether or not an account has a mismatched password via a script? My initial plan was to read PasswordCurrent from the local account’s com.jamf.connect.state plist, but that variable only updates while JAMF Connect is running while the user is logged in.
16 hours ago
This would require you to be able to hook into every login keychain on the device, and for your script to be able to parse out the password to be aware of it, then to do an authentication test against the IDP with the password from the login keychain. Suffice it to say this is not possible, and if it were, it would raise a lot of security concerns.
I recommend looking into Platform SSO. Unlike Jamf Connect, which must work off the user's login keychain, Platform SSO will check the IDP if the password a user enters does not match the login keychain password, and will allow them in if it matches the IDP instead, as well as updating the login keychain password.