Remove password of user on OSX


Solution 1

I think the problem you're having with @Daniel Beck's answer is that the password isn't stored in the user record's Password attribute, but as a shadow hash file in /var/db/shadow/hash/USERGUID, and the AuthenticationAuthority attribute still points to that. This seems to work for me:

sudo dscl . -delete /Users/buildbot AuthenticationAuthority
buildbotGUID=$(dscl . -read /Users/buildbot GeneratedUID | awk '{print $2}')
sudo rm "/var/db/shadow/hash/$buildbotGUID" "/var/db/shadow/hash/$buildbotGUID.state"

Ideally, you should also remove the account's Kerberos principal (OS X clients run their own "local" Kerberos realm, and it occasionally gets underfoot). But that's a bit more complicated, and I think depends a fair bit on which version of OS X you're using.

BTW, if the above doesn't completely do the trick, try this:

sudo dscl . -create /Users/buildbot AuthenticationAuthority ";DisabledUser;"

Solution 2

You need to set the password to a single * character (asterisk, star) using dscl.

sudo dscl . -create /Users/buildbot Password '*'

Be sure to escape or quote it (as shown) so it doesn't get interpreted by your shell.

This will (when read) not be displayed as ******** like any other password, but as *, which just means "no password".
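A way to check which state an account is actually in after either solution, added here as an example and not part of either answer. It follows Solution 1's point that AuthenticationAuthority, not Password, decides whether the shadow hash is still used. The function name, the category names and the sample record are this example's own, and the "Key: value" layout of `dscl . -read` output is an assumption.

```shell
#!/bin/sh
# Added example: classify how a local account can still authenticate, given
# `dscl . -read /Users/<name>` text on stdin. Category names are hypothetical.
# Assumption: attributes print as "Key: value", with long values continued on
# the following line(s) indented by a space.
classify_account() {
    awk '
        /^[^ ]/ && $1 ~ /:$/ {                         # start of an attribute
            key = substr($1, 1, length($1) - 1)
            val[key] = substr($0, length($1) + 2)
            seen[key] = 1
            next
        }
        /^ / && key != "" { val[key] = val[key] $0 }   # continuation line
        END {
            aa = val["AuthenticationAuthority"]
            pw = val["Password"]; gsub(/^ +| +$/, "", pw)
            has_aa = ("AuthenticationAuthority" in seen)
            if (index(aa, ";DisabledUser;"))           print "disabled"
            else if (index(aa, ";ShadowHash;"))        print "shadow-hash"
            else if (!has_aa && pw == "*")             print "no-password"
            else if (!has_aa && !("Password" in seen)) print "no-auth-record"
            else                                       print "review"
        }'
}

# Constructed sample: Password was set to "*" but AuthenticationAuthority still
# names the shadow hash, the state in which the old password kept working.
sample='AuthenticationAuthority: ;ShadowHash;
GeneratedUID: 00000000-0000-0000-0000-000000000000
Password: *'
printf '%s\n' "$sample" | classify_account
```

On a real machine the input would come from `dscl . -read /Users/buildbot | classify_account`; a result of `shadow-hash` means Solution 2 alone has not removed password authentication.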

Author by

Fictional

Updated on September 18, 2022

Comments

  • Fictional
    Fictional over 1 year

    What's the purpose of having a business vault when we can apply business rules while building information marts?

    • Canadian Luke
      Canadian Luke over 12 years
      I'm confused: you want them to not have a password, but not have a blank password?
    • nlucaroni
      nlucaroni over 12 years
      Yeah. I guess the same effect may be having a blank password and locking the account? (from looking around, unix.stackexchange.com/questions/7283/…). Would this be correct?
    • Canadian Luke
      Canadian Luke over 12 years
      That looks right, but I didn't quite understand your question based on wording alone. I would recommend editing it to say so, and if that is the answer, paste what was said and give credit as an answer
    • nlucaroni
      nlucaroni over 12 years
      No, it's not right for OSX; passwd -l is for location not lock. I edited the question accordingly. Does it need further clarification? I thought I was being pretty precise.
    • Canadian Luke
      Canadian Luke over 12 years
      My confusion came from your second sentence, that's all. And the OSX part is what drew me in, but I don't use dscl to make users, I use the GUI part
    • HikeMike
      HikeMike over 12 years
      What version of OS X is this? Can you reproduce this behavior of being unable to delete the Password entry with a new account created using System Preferences?
    • HikeMike
      HikeMike over 12 years
      Are you ignoring dscl program output? That last command, change, has a different syntax. The page of error output should tell you...
    • nlucaroni
      nlucaroni over 12 years
      I'm sorry, I mistyped, it should have been create.
    • HikeMike
      HikeMike over 12 years
      Just curious, what's the output of dscl . -read /Users/username for a user that was entirely created using the GUI?
    • HikeMike
      HikeMike over 12 years
      Can you reproduce the behavior with a new user account just created using System Preferences?
    • nlucaroni
      nlucaroni over 12 years
      As much as I would like to figure out the problem, at this point too much time has been invested in deleting a stupid key when I already had a solution (the command line creation) that works. I'm going to delete the user and run the commands that I need. It would still be wonderful to have an answer, but I don't think that is going to happen.
  • nlucaroni
    nlucaroni over 12 years
    This did not update the password; after executing the command I can still use the old password. Is it possible that it should be -change instead of -create?
  • HikeMike
    HikeMike over 12 years
    @nlucaroni Did you -delete /Users/buildbot Password before executing that line? My reference starting point was the code in your question, which didn't mention creation of a password.
  • nlucaroni
    nlucaroni over 12 years
    No, I did not delete anything; I thought you were referring to my earlier made accounts. Do I have to do this to the newly created account through the command line? It appears to be doing what I want without setting that key at all.
  • HikeMike
    HikeMike over 12 years
    @nlucaroni Now I understand what you mean. It's difficult with multiple questions combined into one. Run dscl with the arguments in my earlier comment first to delete the old password, then set the new one to '*'. -change might work, I haven't tested it myself though. What do you mean by without setting that key at all? What's the output of dscl . -read /Users/buildbot Password?
  • nlucaroni
    nlucaroni over 12 years
    I deleted the key, and then created one as you prescribed on the machines with accounts that already had passwords, but I can still log in with the old account password. I am guessing I'll have to restart the box? (I cannot do it now to test this). "without setting the key" was referring to my account created via the command line by the commands I listed above, that one seems to be working fine without setting a key or needing to set it to '*'.
  • HikeMike
    HikeMike over 12 years
    @nlucaroni Cannot reproduce. If I set the password through System Preferences (it's an account created through the GUI), I can e.g. su to that account using the password I set. Then I just sudo dscl . -create /Users/name Password '*' and su fails. How are you logging into that account after removing the password? Remember that root can su into any account, and e.g. SSH keys will still work to authenticate SSH clients.
  • nlucaroni
    nlucaroni over 12 years
    Delete isn't deleting the key. When I read the value on the machine that never had a password set I get the expected, no such key. But when I run the command on the other box, after a delete, I get '*****'.
  • nlucaroni
    nlucaroni over 12 years
    I open a new terminal (to avoid sudo permissions still active) and using su
  • HikeMike
    HikeMike over 12 years
    @nlucaroni su doesn't use sudo, they are completely independent. su asks for the target account's password, sudo for your own. Don't use sudo su, just run su buildbot to get queried for buildbot's password.
  • nlucaroni
    nlucaroni over 12 years
    Yeah, I know what the difference is and I didn't use sudo su. I meant, since sudo was used to change the keys, the terminal still was unlocked. I guess it doesn't matter since I didn't use sudo anyway in the command, I was just being 100% sure since I'm not a usual OSX user.
  • nlucaroni
    nlucaroni over 12 years
    Disabling the account is functionally equivalent to locking it?
  • Gordon Davisson
    Gordon Davisson over 12 years
    Mostly; there are probably some subtle differences. Note that the "disabled" setting is in the AuthenticationAuthority attribute, so generally it only disables authentication, not other account functions. I don't know enough about buildbot to know this will interfere with it.
  • Fictional
    Fictional almost 8 years
    Thanks a lot, @tobi6.