[Casper] Best way to re-sync service account passwords
Nichols, Jared
jared.nichols at ll.mit.edu
Fri Jul 31 05:54:30 PDT 2009
Actually, I think I figured it out :)
I setup a policy that will execute on any that will reset the account
to a known password. So, let the machine check in and then it'll
change it. Next time it hits the spin password policy, all's good.
Sound right?
j
---
Jared F. Nichols
Desktop Engineer, Infrastructure & Operations
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
On Jul 31, 2009, at 8:10 AM, Nichols, Jared wrote:
> Hi-
>
> I use a hidden ssh account for all of my admin functions on my
> clients. No use of a >500 UID account. I have the JSS spinning the
> passwords on the account to a random 16 character password due to high
> security environment.
>
> Some of the machines, the account password has become de-syncronized
> whereby the user needs to locally authenticate in Self Service (they
> normally don't need to) and I can't remote into the machine. They do
> normally check in for policies though. All indications to me seems to
> be that the JSS stored password and the password on the machine aren't
> the same.
>
> What's the easiest, least user impacting way to fix this?
>
> Thanks
>
> j
> ---
> Jared F. Nichols
> Desktop Engineer, Infrastructure & Operations
> Information Services Department
> MIT Lincoln Laboratory
> 244 Wood Street
> Lexington, Massachusetts 02420
> 781.981.5436
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
More information about the Casper
mailing list