A mostly bug fixing build of macOSLAPS with a slight new feature.
Temporary Keychain Item
Instead of writing a plain text file to the filesystem, we are now creating a temporary keychain item that the security
command has access to read. This means that you can run macOSLAPS -getpassword
and it will generate a keychain item with a random UUID. This UUID is still written to disk to a file /var/root/.GeneratedLAPSServiceName
which is also hidden. When macOSLAPS runs again the keychain item is removed. Possibly a solution to issue #97
Additional context for Temporary Keychain Item
With this change and depending on the success of this release extension attributes will need rewritten to account for this. The Wiki and examples will be updated.
Agnostic command line flags
You will no longer need to run the command line flags with exact syntax. All command line flags are converted to lowercase and will run accordingly. (Example; You can now run -getPassword
-GETPASSWORD
or -getpassword
and they will all work 👍. Resolves issue #89
Better requirements password building
If you define password requirements we will now select X amount of those characters BEFORE generating the rest of the password. The password is shuffled for good measure as well.
Native Password Verification
We now use Open Directory to natively verify the password. Resolves issue #94
Multiple Packages
Per the request of the LAPS channel in the MacAdmins Slack, there are now multiple packages available all signed and notarized by Apple. If you'd like to continue using just the combined package you can just download the non labeled package.
As always please test and report back your results.