Version 2022.6.1-1

@PicoMitchell PicoMitchell released this 01 Jun 19:47
  • Improved the --skip-setup-assistant option (when specified with no parameter, or with both or firstBootOnly) to exit first boot Setup Assistant when mkuser is run after the system has already started and is still running Setup Assistant (or Language Chooser) on first boot. This could happen when mkuser is being run by a LaunchDaemon on first boot, or during MDM Automated Device Enrollment. Previously, the user would be created, but Setup Assistant would not be skipped after user creation finished unless the computer was manually restarted (or Setup Assistant could be completed, which would require manually creating another user). Now, Setup Assistant (or Language Chooser) will be exited if it is still running when mkuser finishes creating the user, and the login window will be loaded with the newly created user available to log into. Issue #3 is closed with this improvement.
  • Fixed a sporadic and inconsistent bug that could cause password deobfuscation to occasionally fail when installing a user creation package.
  • Other minor improvements and typos corrected throughout.

Previous Release Notes from Version 2022.4.21-1

  • Improved setting the user password by using native Objective-C methods of the OpenDirectory framework. This technique is secure and never reveals the password in the process list or writes it to the filesystem. Previously, the password was set by dsimport along with all the other user attributes. But that required the plain text password to momentarily exist in a temporary file, since dsimport can only load a new user record from a file. Now, no password is specified during initial user creation with dsimport, and the password is securely set after creation with the new method.
  • Improved validating the user password by checking it against the current system's global password content policy before creation by using native Objective-C methods of the OpenDirectory framework. This technique is secure and never reveals the password in the process list or writes it to the filesystem. Previously, the password was only checked against the default requirements of being 4 characters or more, or blank/empty if FileVault is not enabled. Now, the password will also be checked against any custom password content policies that may be set.
  • Other minor improvements and typos corrected throughout.

Previous Release Notes from Version 2022.3.2-1

  • Added new --fd-secure-token-admin-password option whose parameter is a file descriptor path (via process substitution) containing the password (like <(echo '<PASS>')). Deprecated --fd3-secure-token-admin-password (which will be removed in a future version) because an "fd3" here-string (3<<<) is not as secure: it momentarily creates a temporary file.
  • Improved deobfuscating and handling passwords in packages to be more secure by never using here-strings, which momentarily create temporary files.
  • Other minor bug fixes, improvements, and typos corrected throughout.
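
The distinction drawn in the 2022.3.2-1 notes above, as an added example that is not part of mkuser or of these release notes: a bash sketch that reports whether a descriptor path is backed by a pipe or by a regular file, and only reads a secret from a pipe. The function names and the sample secret are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not mkuser's code. Function names and the sample secret
# are constructed for illustration.

# Print what backs a path such as /dev/fd/63: "pipe", "file" or "other".
fd_kind() {
    if [ -p "$1" ]; then
        echo pipe
    elif [ -f "$1" ]; then
        echo file
    else
        echo other
    fi
}

# Read one line of secret from a descriptor path, refusing anything that is
# not a pipe (for example a temporary file, which puts the secret on disk).
# Only shell builtins touch the secret, so it never appears in the argument
# list of an external process.
read_secret_from_fd_path() {
    local path="$1" secret=''
    [ -p "$path" ] || return 1
    IFS= read -r secret < "$path" || [ -n "$secret" ] || return 1
    printf '%s' "$secret"
}

# Process substitution hands the function a path backed by a pipe.
echo "process substitution: $(fd_kind <(printf '%s\n' 'constructed-secret'))"

# A here-string on fd 3: depending on the shell and its version this is a
# temporary file (reported as "file") or a pipe.
echo "here-string on fd 3:  $(fd_kind /dev/fd/3 3<<< 'constructed-secret')"

# The helper accepts the pipe and rejects a regular file holding the secret.
tmp_file="$(mktemp)"
printf '%s\n' 'constructed-secret' > "$tmp_file"
read_secret_from_fd_path <(printf '%s\n' 'constructed-secret') > /dev/null \
    && echo "pipe accepted"
read_secret_from_fd_path "$tmp_file" > /dev/null \
    || echo "regular file rejected"
rm -f "$tmp_file"
```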