Wednesday, April 8, 2009

Changing passwords with dscl

Let's just assume that you have some Macs with an administrative account whose password needs changing. (There's so many possible reasons for this that hypotheticals are really unnecessary.) They've got ARD running, but actually controlling them, and using System Preferences to change the password:

  • is time-consuming

  • is also tedious

  • means you might have to interact with somebody, and

  • is time-consuming.

So you select the computers that need passwords changed, click that handy-dandy little "UNIX" button (or go to Manage -> Send UNIX Command...), and enter the following.

dscl -u username -P password . -passwd /Users/username newpassword

If you're unfamiliar with dscl, I highly recommend you check out the man page. The first username and password are to authenticate as a user than can actually make the change you're trying to make. The dot is where we specify the data source - which directory node we want to make a change in. Since this is a local acccount, we can just use the local domain. Then we specify the command (in this case, "-passwd" to change a password), the path to the user (relative to the data source - I know that /Users/username would also be the location of their home directory, but that's just a coincidence), and the new password.

And then, we make extra special certain that we clear our History, because otherwise, anybody who gets their hands on our computer now has both old and new passwords.

No comments:

Post a Comment