jamf changePassword

richardbm42uk
New Contributor

Hi. I'm reasonably new to JAMF, having been working with it for about 6 months now.

I have a client company who would like to implement some password changes through a Jamf policy. Using jamf help, I see that the verb "changePassword" is an option, as is "resetPassword". From the brief description available through jamf help changePassword, I believe that the difference between these two verbs is that changePassword is "graceful" and requires the old password, while resetPassword is "forceful" and will just change the password without knowing the old one, which potentially causes FileVault and Keychain issues.

Using a test account, I've ascertained that running sudo jamf changePassword -username test -password NewPassword -oldpassword OldPassword seems to happily update the test user's password and there don't seem to be any problems when logging into the test user afterwards - no keychain issues, etc.

So, I'm wondering if anyone else has used this for anything and if they can give me any advice on the following...

  1. Confirmation that I've correctly understood the difference between changePassword (good!) and resetPassword (bad!)
  2. Has anyone found an elegant way to validate the -oldpassword without actually resetting it? Or would you just try a change in a script to see what is returned?
  3. Does anyone know what mechanism is working in the background to implement this change, i.e. is this somehow passing variables into Apple's password reset dialog, or is this some jamf internal process?
  4. Has anyone used this in an AD environment, and if so, if the machine is bound to AD and on the AD network, will the password change reset the AD password too, or will it update locally and cause AD issues?

Any insight, or just a pointer to whichever jamf article that my Google-fu has been unable to find would be insanely great.

Many thanks to anyone who's able to help, or who constructively tells me where I've gone wrong in posting this.
