16 oct 2024
How to fix some updates due to credential errors
Have you ever tried to update a Mac from Terminal, only for the update to hang? And when you try to update it from system updates instead, does it tell you that your administrator user credentials are not correct?
This happens because the admin user you are using does not have the Secure Token active…
Below is a script that you can use in #JAMF Pro to enable Secure Token on macOS. Enabling it requires certain steps and privileges, because Secure Token is designed to protect access to FileVault and other system security services. To enable Secure Token for a specific user, you need access to an administrator account that already has Secure Token enabled. Here is a basic Bash script that you could use as a reference to enable Secure Token for a user:
——
```bash
#!/bin/bash

# Variables
adminUser="adminName"          # Replace with the name of the administrator user
adminPassword="adminpassword"  # Replace with the password of the administrator user
targetUser="targetUserName"    # Replace with the name of the user who needs the Secure Token

# Function to enable Secure Token
enable_secure_token() {
    # The here-document delimiter is unquoted, so the shell expands the
    # variables before expect reads the script.
    expect <<EOF
spawn sudo sysadminctl -adminUser "$adminUser" -adminPassword "$adminPassword" -secureTokenOn "$targetUser" -password -
# Answer the password prompt with the administrator password
expect "Password:"
send "$adminPassword\r"
expect eof
EOF
}

# Execute the function
enable_secure_token

# Check the status of the Secure Token for the target user
sysadminctl -secureTokenStatus "$targetUser"
```
——
Important notes:
1. Expect: This script uses `expect`, a tool that automates interactions with programs that require user input. Make sure that `expect` is installed on your Mac; you can install it using Homebrew with the command `brew install expect`.
2. Security: Never store passwords in plain text in your scripts. This script is for educational purposes only and should be used with caution. Consider more secure methods for handling passwords and credentials, such as using a keychain or secure environment variables.
3. Privileges: You need administrator privileges to run these commands correctly, and the administrator must have a Secure Token enabled in order to grant it to another user.
4. Compatibility: This script is designed for macOS High Sierra (10.13) onwards, where the concept of Secure Token was introduced.
5. Testing: Always test your scripts in a controlled environment before deploying them to production, especially when manipulating security settings.
Make sure you tailor the script to your specific needs and fully understand each step before running it.
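As an added example (not part of the original script), the pre-flight check below applies note 3 before any credentials are used: it grants only when the administrator already holds a Secure Token and the target does not. It assumes `sysadminctl -secureTokenStatus` reports "Secure token is ENABLED/DISABLED for user …" on stderr; the function names and the sample line are constructed for illustration.

```shell
#!/bin/bash
# Added example: decide whether a Secure Token grant should even be attempted.
# Assumption: status wording is "Secure token is ENABLED|DISABLED for user <name>".

# Constructed sample of a status line, for offline testing.
SAMPLE_STATUS='2024-10-16 10:00:00.000 sysadminctl[123:456] Secure token is DISABLED for user targetUserName'

# Classify one status string as ENABLED, DISABLED or UNKNOWN.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo "ENABLED" ;;
        *"Secure token is DISABLED"*) echo "DISABLED" ;;
        *)                            echo "UNKNOWN" ;;
    esac
}

# Query a user's live state (macOS only); the status is written to stderr.
query_token_state() {
    token_state "$(sysadminctl -secureTokenStatus "$1" 2>&1)"
}

# Decide from the two states. Prints the decision; returns 0 only for "grant".
preflight() {
    admin_state="$1"
    target_state="$2"
    if [ "$admin_state" != "ENABLED" ]; then
        echo "abort: administrator has no Secure Token and cannot grant one"
        return 1
    fi
    case "$target_state" in
        ENABLED)  echo "skip: target user already has a Secure Token"; return 2 ;;
        DISABLED) echo "grant"; return 0 ;;
        *)        echo "abort: could not read the target user's status"; return 1 ;;
    esac
}

# Live run: ./preflight.sh <adminUser> <targetUser> (only where sysadminctl exists).
if command -v sysadminctl >/dev/null 2>&1 && [ "$#" -eq 2 ]; then
    preflight "$(query_token_state "$1")" "$(query_token_state "$2")"
fi
```

Calling `enable_secure_token` only when `preflight` prints `grant` keeps the administrator password out of runs that cannot succeed or are not needed.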
——-
Developed by SETEK Consultants