Apple Secure Token

16 Oct 2024

How to fix some updates due to credential errors

Have you ever tried to update a Mac and the update simply will not run, hanging when you start it from Terminal? And when you try it from the system's software update instead, it tells you that your administrator credentials are not correct?

This happens because the admin user you are using does not hold a Secure Token.



Below is a script you can use in Jamf Pro to enable Secure Token on macOS. Granting a token requires specific steps and privileges, because Secure Token protects access to FileVault and other system security services: to enable Secure Token for a given user, you need an administrator account that already holds a Secure Token. Here is a basic Bash script you can use as a reference:

```bash
#!/bin/bash

# Variables
adminUser="adminName"            # Replace with the name of an administrator that already holds a Secure Token
adminPassword="adminpassword"    # Replace with the password of that administrator
targetUser="targetUserName"      # Replace with the name of the user who needs the Secure Token
targetPassword="targetpassword"  # Replace with the target user's password; sysadminctl needs it to wrap the token

# Function to enable Secure Token
enable_secure_token() {
    # Run as root (a Jamf Pro policy already does), so there is no sudo prompt to answer.
    # "-password -" makes sysadminctl prompt for the target user's password; expect answers that prompt.
    # The heredoc is unquoted so bash expands the variables before expect reads the script.
    expect <<EOF
spawn sysadminctl -adminUser "$adminUser" -adminPassword "$adminPassword" -secureTokenOn "$targetUser" -password -
expect "*assword*"
send "$targetPassword\r"
expect eof
EOF
}

# Execute the function
enable_secure_token

# Check the status of the Secure Token for the target user (sysadminctl reports on stderr)
sysadminctl -secureTokenStatus "$targetUser" 2>&1
```



Important notes:

1. Expect: This script uses `expect`, a tool that automates interactions with programs that require user input. Make sure that `expect` is available on your Mac; you can install it using Homebrew with the command `brew install expect`.

2. Security: Never store passwords in plain text in your scripts. This script is for educational purposes only and should be used with caution. Consider more secure methods for handling passwords and credentials, such as using a keychain or secure environment variables.

3. Privileges: You need administrator privileges to run these commands correctly, and the administrator account must itself hold a Secure Token in order to grant one to another user.

4. Compatibility: This script is designed for macOS High Sierra (10.13) onwards, where the concept of Secure Token was introduced.

5. Testing: Always test your scripts in a controlled environment before deploying them to production, especially when manipulating security settings.

Make sure you tailor the script to your specific needs and fully understand each step before running it.
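A pre-flight check that enforces note 3 before any grant is attempted, added here as an example and not part of the original post: it parses the text that `sysadminctl -secureTokenStatus` prints (to stderr) and refuses to proceed when the admin account has no token or the target already has one. It assumes the status wording "Secure token is ENABLED/DISABLED for user", and that user names arrive in Jamf script parameters `$4` and `$5`; the sample lines in the test are constructed.

```bash
#!/bin/bash
# Added pre-flight check (not from the original post). Assumes the status text
# that "sysadminctl -secureTokenStatus <user>" prints on macOS 10.13+.

# Reduce one sysadminctl status line to ENABLED, DISABLED or UNKNOWN.
parse_token_status() {
    case "$1" in
        *"Secure token is ENABLED for user"*)  echo "ENABLED" ;;
        *"Secure token is DISABLED for user"*) echo "DISABLED" ;;
        *)                                      echo "UNKNOWN" ;;
    esac
}

# Query a real account; sysadminctl writes its report to stderr, so merge it into stdout.
token_status() {
    parse_token_status "$(sysadminctl -secureTokenStatus "$1" 2>&1)"
}

# Decide whether a grant should even be attempted.
# Arguments: admin state, target state (as returned by parse_token_status).
# Returns 0 when the grant can proceed, non-zero with a reason on stderr otherwise.
preflight() {
    local admin_state="$1" target_state="$2"
    if [ "$admin_state" != "ENABLED" ]; then
        echo "refuse: admin account holds no Secure Token, so it cannot grant one" >&2
        return 1
    fi
    if [ "$target_state" = "ENABLED" ]; then
        echo "skip: target already holds a Secure Token" >&2
        return 2
    fi
    if [ "$target_state" = "UNKNOWN" ]; then
        echo "refuse: could not read target status (wrong user name?)" >&2
        return 3
    fi
    return 0
}

# Usage on a Mac, e.g. from a Jamf Pro policy with the admin name in $4 and the target in $5 (assumed):
# preflight "$(token_status "$4")" "$(token_status "$5")" && enable_secure_token
```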


——

Developed by SETEK Consultants