Version 2022.8.3-1

@PicoMitchell PicoMitchell released this 03 Aug 23:06
  • Improved the --package option when running on macOS 10.15 Catalina and older so that Universal user creation packages are created that can be installed on Apple Silicon Macs without requiring Rosetta.
  • Improved the --automatic-login option on future versions of macOS so that new built-in techniques are used to set up auto-login instead of needing to do all the setup manually within mkuser (specifically the kcpassword obfuscation/encoding).
  • Fixed a bug when the --automatic-login option was specified where setting up auto-login would fail for some specific passwords because they would not get obfuscated/encoded correctly into the kcpassword file. See brunerd/macAdminTools#2 for more information.
  • Fixed an issue on future versions of macOS where a random default user picture would not get chosen properly (when the --picture option was omitted) which would result in the user being created with no picture (as if the --no-picture option was specified).
  • Other minor improvements and typos corrected throughout.

Previous Release Notes from Version 2022.4.21-1

  • Improved setting the user password by using native Objective-C methods of the OpenDirectory framework. This technique is secure and never reveals the password in the process list or writes it to the filesystem. Previously, the password was set by dsimport along with all the other user attributes. But that required the plain text password to momentarily exist in a temporary file, since dsimport can only load a new user record from a file. Now, no password is specified during initial user creation with dsimport, and the password is securely set after creation with the new method.
  • Improved validating the user password by checking it against the current system's global password content policy before creation by using native Objective-C methods of the OpenDirectory framework. This technique is secure and never reveals the password in the process list or writes it to the filesystem. Previously, the password was only checked against the default requirements of being 4 characters or more, or blank/empty if FileVault is not enabled. Now, the password will also be checked against any custom password content policies that may be set.
  • Other minor improvements and typos corrected throughout.

Previous Release Notes from Version 2022.3.2-1

  • Added a new --fd-secure-token-admin-password option whose parameter is a file descriptor path (via process substitution) containing the password (like <(echo '<PASS>')). Deprecated --fd3-secure-token-admin-password (which will be removed in a future version) because an "fd3" here-string (3<<<) is less secure: it momentarily creates a temporary file.
  • Improved deobfuscating and handling passwords in packages to be more secure by never using here-strings, which momentarily create temporary files.
  • Other minor bug fixes, improvements, and typos corrected throughout.
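
The file descriptor path approach described for --fd-secure-token-admin-password can be checked on the receiving side, as in this added example (not mkuser's own code). The helper name read_secret_from_fd_path and its return codes are assumptions made for illustration; it refuses any descriptor that is backed by a regular file instead of a pipe.

```sh
#!/bin/sh
# Added example, not part of mkuser. Hypothetical helper that reads a secret
# from a file descriptor path and only accepts it when it is a pipe.
#
# Typical caller in bash or zsh (echo is a shell builtin there, so the
# password never shows up as an argument in the process list):
#   pw="$(read_secret_from_fd_path <(echo '<PASS>'))"

read_secret_from_fd_path() {
    fd_path="$1"
    secret=''

    # Accept only /dev/fd/N with a purely numeric N (no path tricks).
    case "$fd_path" in
        /dev/fd/ | /dev/fd/*[!0-9]*)
            echo 'error: not a file descriptor path' >&2; return 2 ;;
        /dev/fd/*) ;;
        *)
            echo 'error: not a file descriptor path' >&2; return 2 ;;
    esac

    # A pipe keeps the secret in kernel memory only. A regular file behind
    # the descriptor means the secret was written to disk first (for example
    # by a here-string that used a temporary file), so refuse it.
    if [ ! -p "$fd_path" ]; then
        echo 'error: descriptor is not a pipe' >&2
        return 3
    fi

    # Read the first line. IFS= and -r preserve spaces and backslashes.
    # A final line without a newline still fills $secret, so ignore the
    # non-zero status that read returns at end of input.
    IFS= read -r secret < "$fd_path" || :
    printf '%s' "$secret"
}
```

Call it inside a command substitution so the helper's variables stay in a subshell and do not linger in the calling script.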