Posted on 02-10-2020 07:55 AM
Hi,
I'm running a very basic script, which works, to change the local admin password on all our Macs. But, I want to know how to check if the currentPwd already matches the newPwd, and if so then it must exit.
How do I do that?
if [ currentPwd == newPwd ] then
echo 'password is correct'
else
#change account password
fi
Thank you to @adolfsson for the initial idea:
The Script below works but as you can see it's not very 'clever' :-)
Script:
currentPassword="$4"
newPassword="$5"
accountName="$6"
adminUser="remoteadmin"
#Check that we are changing ONLY for remoteadmin
if [ "$adminUser" == "${accountName}" ]
then
#Change management account locally on mac
sudo dscl . passwd /Users/"${accountName}" "${currentPassword}" "${newPassword}"
echo " Local Admin Account - Password changed! "
#Report management account password back to JSS
sudo jamf recon -sshUsername remoteadmin -sshPassword "${newPassword}"
echo " Local Management Account - password passed to JSS! "
else
echo " You are trying to change the wrong account. No Changes! "
fi
Posted on 02-10-2020 08:32 AM
#!/bin/sh
dscl /Local/Default -authonly "${loggedInUser}" "${userpassword}" > /dev/null 2>&1
if [ "$?" != "0" ]; then
echo "Login incorrect"
fi
If it works, it's the new password. If it doesn't, then it's the old. Or vice versa, check the other way.
Posted on 02-11-2020 02:05 AM
@boberito thanks, newb question: What is this testing?
if [ "$?" != "0" ]
Posted on 02-11-2020 05:46 AM
$? will give you the exit code of a command. If it equals 0, it exited successfully.
Sometimes programs or scripts will do a different exit code so you know sort of why it failed. A good example or sort of explanation is if you run jamfHelper "/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -help". At the bottom of the help it says...
Return Values: The JAMF Helper will print the following return values to stdout...
0 - Button 1 was clicked
1 - The Jamf Helper was unable to launch
2 - Button 2 was clicked
XX1 - Button 1 was clicked with a value of XX seconds selected in the drop-down
XX2 - Button 2 was clicked with a value of XX seconds selected in the drop-down
239 - The exit button was clicked
243 - The window timed-out with no buttons on the screen
250 - Bad "-windowType"
255 - No "-windowType"
So different exit codes based off different results.
Basically in the small script example I initially posted, if login succeeds the exit code is 0. If it doesn't, it's something else but we don't care what it is, we just care that it wasn't 0.
Hopefully that all makes sense.
Posted on 02-11-2020 06:00 AM
@boberito thanks, that's perfect. This worked and will help me with a few other things too. Thanks
Posted on 02-27-2020 01:47 PM
You can strip down the true/false check in boberito's solution even further, like so:
#!/bin/sh
if dscl /Local/Default authonly "${loggedInUser}" "${userpassword}" ; then
echo "Valid Login"
fi
Or if you want to test for an invalid login, add an ! in there:
#!/bin/sh
if ! dscl /Local/Default authonly "${loggedInUser}" "${userpassword}" ; then
echo "Invalid Login"
fi
If you omit the [ ] and run a command as part of the if, it will evaluate true if the error state is 0 (success) and false for any non-zero error state.
The downside (if you care) of this method is that it does still echo the error if the password is wrong. :-)
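The pieces of this thread combined into one idempotent rotation, as an added example that is not part of any post above: it checks the new password first with dscl -authonly, exits if it is already set, and verifies the change afterwards. The function names password_is_valid and rotate_admin_password and the return codes are made up for illustration; it assumes the script runs as root from a Jamf policy with parameters 4 to 6 as in the original post.

```shell
#!/bin/sh
# Added example: idempotent local-admin password rotation built on dscl -authonly.
# Jamf script parameters (as in the original post): $4 current, $5 new, $6 account.
# Assumption: runs as root (Jamf policy), so no sudo is used.
# Caveat: passwords passed as arguments are visible in the process list while dscl runs.

adminUser="remoteadmin"   # the only account this script is allowed to touch

# Return 0 if password $2 authenticates user $1 against the local directory node.
# All dscl output is discarded, so a failed check prints nothing.
password_is_valid() {
    dscl /Local/Default -authonly "$1" "$2" >/dev/null 2>&1
}

# Return codes (illustrative): 0 = already on the new password, or changed;
# 1 = wrong account; 2 = neither password authenticates; 3 = change not effective.
rotate_admin_password() {
    account="$1"; current="$2"; new="$3"

    if [ "$account" != "$adminUser" ]; then
        echo "Wrong account requested. No changes."
        return 1
    fi
    if password_is_valid "$account" "$new"; then
        echo "Password already matches the new value. Nothing to do."
        return 0
    fi
    if ! password_is_valid "$account" "$current"; then
        echo "Neither the current nor the new password authenticates. No changes."
        return 2
    fi
    dscl . passwd "/Users/$account" "$current" "$new" >/dev/null 2>&1
    # Confirm the change took effect instead of trusting the exit code alone.
    if ! password_is_valid "$account" "$new"; then
        echo "Password change did not take effect."
        return 3
    fi
    echo "Password changed."
    return 0
}

# Run only when Jamf supplies parameters 4-6; a bare run or sourcing does nothing.
if [ "$#" -ge 6 ]; then
    rotate_admin_password "$6" "$4" "$5"
fi
```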
Posted on 06-26-2020 12:52 PM
How was your local admin account provisioned?