macOSLAPS icon indicating copy to clipboard operation
macOSLAPS copied to clipboard

Published 20 hours ago verified publisher icon joshua-d-miller

Password Reset Function Cannot Find a Password that Meets Requirements

Open brianhm opened this issue 2 years ago • 5 comments

Monterey 12.6.3 MacBook Pro (13-inch, M1, 2020)

Script result: Error|2023-02-15 16:30:15|macosLAPS|We were unable to generate a password with the requirements specified. Please run macOSLAPS again or change your password requirements

Script being Used: `#!/bin/bash

Manual Reset of LAPS Password

/usr/local/laps/macosLAPS -resetPassword

exit 0`

Configuration Profile being Used: Preference Domain: edu.psu.macoslaps <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>DaysTillExpiration</key> <integer>1</integer> <key>LocalAdminAccount</key> <string>servicedesk</string> <key>PasswordLength</key> <integer>14</integer> <key>RemovePassChars</key> <string>{}[]|</string> <key>Method</key> <string>Local</string> <key>PasswordRequirements</key> <dict> <key>Lowercase</key> <integer>2</integer> <key>Uppercase</key> <integer>2</integer> <key>Number</key> <integer>2</integer> <key>Symbol</key> <integer>2</integer> </dict> </dict> </plist>

brianhm avatar Feb 15 '23 22:02 brianhm

Hello there!

I believe I found the issue in ValidatePassword.Swift. The original line was this:

"[.*! \"#$%&'()*+,-./:;<=>?@\\[\\\\\\]^_`{|}~]"

Where when we are creating this requirement for amount of symbols I believe we need .* in front of it like the others so it should look like this:

".*[.*! \"#$%&'()*+,-./:;<=>?@\\[\\\\\\]^_`{|}~]"

I will hopefully publish a new build over the weekend that you can try and see if this remedies the issue.

Thanks!

joshua-d-miller avatar Feb 18 '23 03:02 joshua-d-miller

This now appears to only happen on my Ventura test box, for what it's worth. Running 13.2.1. I've been able to reset it as many times as I want on my Monterey box with no issues. Here is the config profile from Managed Preferences folder:

`user@USC02VD0XKHV2T ~ % plutil -p /Library/Managed\ Preferences/edu.psu.macoslaps.plist{  "DaysTillExpiration" => 1  "LocalAdminAccount" => "admin"  "Method" => "Local"  "PasswordLength" => 14  "PasswordRequirements" => {    "Lowercase" => 2    "Number" => 2    "Symbol" => 2    "Uppercase" => 2  }  "RemovePassChars" => "{}[]|"}

`

brianhm avatar Feb 21 '23 19:02 brianhm

Any updates, Joshua?

brianhm avatar Mar 03 '23 13:03 brianhm

I've encountered the same on Ventura / Sonoma. I've opened the project in Xcode and am able to change that line Joshua shared in February 2023. I can sign it with my own developer account but that's probably not the proper way to go forward.

JordyThery avatar Jan 30 '24 06:01 JordyThery

Hi there!

Could you try the 4.0.0 prerelease version and let me know if the Password Requirements seem to work better now. The new method is we grab your requirements and get the characters needed to fulfill that requirement, shuffle them, then we generate the rest of your password, and finally shuffle the characters around again for a random password that should meet your requirements.

Thanks!

joshua-d-miller avatar Feb 28 '24 21:02 joshua-d-miller