Change a Mac user's password temporarily

As a sysadmin, there may be times when you absolutely must access somebody's actual desktop for legitimate reasons -- or some clandestine ones. But in an environment where users are allowed their own passwords and are for whatever reason unavailable, and you either don't want to reset the password or don't want to be caught, you may want to reset the password for the duration of your use, and change it back after you're done.

The first step is to determine the user's hash ID. Password hashes are stored in the /var/db/shadow/hash directory. To see the hash IDs for all users, you can use the dscl command as root: dscl . -list /Users GeneratedUID

You will see a list of all "short" names for users and their hash IDs.

In this case, the hash ID for the user `drsavoye` is 6D5D3B6D-5D64-4396-ACD3-6FFCE4DC75E3. Now, navigate to /var/db/shadow/hash/, where you will see the files 6D5D3B6D-5D64-4396-ACD3-6FFCE4DC75E3 and 6D5D3B6D-5D64-4396-ACD3-6FFCE4DC75E3.state. The *.state files store information such as the number of failed login attempts for a user, whether or not the password expires and the last login date.

Make a backup, preferably outside of this directory, of both files. Now, remove them both from the hash directory. The user will now have no password, but they system still thinks they do, so you will not be able to log in with a blank password.

Change the user's password to something temporary by using passwd drsavoye. Now, you will be able to log in to their desktop with the password you chose. In later versions of OS X you may be prompted to reset or delete their keychain file -- "Cancel" or close the dialog, as you want the keychain to still use the old password.

When finished, log the user out first and restore the copies of the files you deleted back into the hash directory.



Read Full Post