Solved

Softwareupdate is trying to authenticate user - Authentication is disabled

Forum|Forum|4 years ago
August 26, 2021
29 replies
15283 views

+9

pkleiber
Contributor

We have one user with a Macbook Pro M1 Laptop. Big Sur is installed on the machine and the logged in user is a Mobile Account and has admin rights. File vault 2 is also enabled.

Deployment was some month ago and everything worked fine. Two days ago the user approached me as he was not able to login with his account credentials at home. He was in the office yesterday and after I logged in with my local admin account everything was fine and he could work. So told him to also to update his Big Sur installation from 11.2.x to the latest version 11.5.2. But as he tried to enter his password the following screen states that Authentication is disabled.

I grabbed this screenshot from the internet cause our dialogue is in German.

Anybody have seen this? Where does this come from and how can we fix this? I would greatly appreciate your help.

Thanks

Best answer by pkleiber

I was able to fix the error. It has to do with a corrupt secure token.

I told the user to login with the existing local admin account an then to execute the following script:

#Check if your account has securetoken enabled, (it probably does)
# Disable it then reenable it.
sysadminctl -secureTokenStatus <username>
sysadminctl -secureTokenOff <username> -password - -adminUser <adminusername> -adminPassword -
sysadminctl -secureTokenOn <username> -password - -adminUser <adminusername> -adminPassword -
diskutil apfs UpdatePreboot /

After that I told him to do a reboot.

Everything seems fine now. Logging in offline to his Mobile account also works again.

Show first post

1
2

Forum|pagination.label 2 / 2

+8

red_beard
Valued Contributor
Forum|Forum|1 year ago
November 26, 2024

Writing to say, just experienced this issue running Sequoia 15.2 Beta 3 on an M1 Max MacBook Pro and MacBook Pro M2 running Sonoma 14.2 A small portion of our fleet is still bound. Thankfully most of them are not.

@bwoods script worked great and I utilized Self Service to make it available when our techs need to help other end users.

Like

R

+6

RJ52
Contributor
Forum|Forum|9 months ago
April 2, 2025

Added some osascript to prompt for creds.

#!/bin/bash

username=$(osascript -e 'Tell application "System Events" to display dialog "Enter user username:" default answer ""' -e 'text returned of result' 2>/dev/null)

password=$(osascript -e 'Tell application "System Events" to display dialog "Enter user password:" with hidden answer default answer ""' -e 'text returned of result' 2>/dev/null)

adminUser=$(osascript -e 'Tell application "System Events" to display dialog "Enter admin username:" default answer ""' -e 'text returned of result' 2>/dev/null)

adminPassword=$(osascript -e 'Tell application "System Events" to display dialog "Enter admin password:" with hidden answer default answer ""' -e 'text returned of result' 2>/dev/null)

#Check if your account has securetoken enabled, (it probably does)
# Disable it then reenable it.
sysadminctl -secureTokenStatus "$username"
sysadminctl -secureTokenOff "$username" -password "$password" -adminUser "$adminUser" -adminPassword "$adminPassword"

sysadminctl -secureTokenOn "$username" -password "$password" -adminUser "$adminUser" -adminPassword "$adminPassword"
diskutil apfs UpdatePreboot /

sysadminctl -secureTokenStatus "$username"

exit 0		## Success
exit 1		## Failure

This worked for me in the past, but today the script worked, but the problem persisted. Has anyone run into that issue?

Like

P

PieceofEight
New Contributor
Forum|Forum|8 months ago
April 16, 2025

This worked for me in the past, but today the script worked, but the problem persisted. Has anyone run into that issue?

RJ52 and others who this may help: I found that using the interactive switch in the script below is what works on macOS Sequoia in our environment to fix Secure Token for a user. After running script below and signing back in as user, they are able to run macOS updates with no Touch ID errors.

Log in as admin and launch Terminal.

sudo sysadminctl -secureTokenOff <username> -password password interactive

Password prompt in Terminal: input admin password

Pop up authentication window: input admin password

sudo sysadminctl -secureTokenOn <username> -password password interactive

Pop up authentication window: input admin password

diskutil apfs UpdatePreboot /

Like

+2

markgalvan
New Contributor
Forum|Forum|2 months ago
October 29, 2025

I was able to fix the error. It has to do with a corrupt secure token.

I told the user to login with the existing local admin account an then to execute the following script:

#Check if your account has securetoken enabled, (it probably does) # Disable it then reenable it. sysadminctl -secureTokenStatus <username> sysadminctl -secureTokenOff <username> -password - -adminUser <adminusername> -adminPassword - sysadminctl -secureTokenOn <username> -password - -adminUser <adminusername> -adminPassword - diskutil apfs UpdatePreboot /

After that I told him to do a reboot.

Everything seems fine now. Logging in offline to his Mobile account also works again.

Added some osascript to prompt for creds.

#!/bin/bash username=$(osascript -e 'Tell application "System Events" to display dialog "Enter user username:" default answer ""' -e 'text returned of result' 2>/dev/null) password=$(osascript -e 'Tell application "System Events" to display dialog "Enter user password:" with hidden answer default answer ""' -e 'text returned of result' 2>/dev/null) adminUser=$(osascript -e 'Tell application "System Events" to display dialog "Enter admin username:" default answer ""' -e 'text returned of result' 2>/dev/null) adminPassword=$(osascript -e 'Tell application "System Events" to display dialog "Enter admin password:" with hidden answer default answer ""' -e 'text returned of result' 2>/dev/null) #Check if your account has securetoken enabled, (it probably does) # Disable it then reenable it. sysadminctl -secureTokenStatus "$username" sysadminctl -secureTokenOff "$username" -password "$password" -adminUser "$adminUser" -adminPassword "$adminPassword" sysadminctl -secureTokenOn "$username" -password "$password" -adminUser "$adminUser" -adminPassword "$adminPassword" diskutil apfs UpdatePreboot / sysadminctl -secureTokenStatus "$username" exit 0 ## Success exit 1 ## Failure

This worked for me.
Thanks a ton.

Like

1
2

Forum|pagination.label 2 / 2

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded