I’m a fan of ADPassMon.
It’s especially useful for FileVault 2 encrypted Macs, where the user will never see the
“Your password will expire in X days” notification at the loginwindow, since they are directly taken to their Desktop from the pre-boot authentication.
Now, Mavericks (10.9.”0″) appears to have a bug where it will not show the password expiry notification even if you’re not using FileVault 2. Another reason to use ADPassMon.
ADPassMon has a built in shortcut to change the user’s password
Now these options have changed a bit in Mavericks.
In Mountain Lion it used to look like this:
sudo touch /private/var/db/.AccessibilityAPIEnabled
In Mavericks however, the option to allow ADPassMon to do it’s thing has moved to
System Preferences -> Security & Privacy -> Privacy:
Chances are, you want to enable this programmatically.
Otherwise your users get presented with this message:
command, but is that really a good idea?
The alternative is to modify the /Library/Application Support/com.apple.TCC/TCC.db database before installing ADPassMon.
When packaging up ADPassMon, add a preinstall script with these two commands:
sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "delete from access where client='org.pmbuko.ADPassMon';" sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceAccessibility','org.pmbuko.ADPassMon',0,1,1,NULL);"
If you’re using Composer to build your package, it might look like this: