authchanger

The authchanger binary can be used to manipulate the authentication database used by the loginwindow application. Functions include the following:

  • Determines the order of mechanism execution

  • Enable Jamf Connect Login for Okta or OpenID Connect (OIDC) identity providers (IdPs)

  • Reset the database to the default state.

authchanger is installed by the Jamf Connect Login installation package in the following location:

/Library/Security/SecurityAgentPlugins/JamfConnectLogin.bundle/Contents/MacOS/authchanger

Then, it is used by the post-installscript in the package to set up the database for authentication. This tool must run as root.

Note: Use the -reset command before making changes to ensure the authentication database is in its default setting.

Commands

The following authchanger commands can be used:

Command

Description

-version

Lists the version number

-help

Lists the help statement

-reset

Resets the authentication database to macOS default settings

-Okta

Enables Jamf Connect Login with Okta

-OIDC

Enables Jamf Connect Login with OpenID Connect IdPs

-print

Lists the current authorization mechanisms

-debug

Lists any changes and their possible outcomes

-DefaultJCRight

Enables Jamf Connect authentication to be used for sudo and other system preference changes.

You can also specify custom rules:

Command

Description

-prelogin

Specifies the mechanism to be used before the UI displays

-preAuth

Specifies the mechanism to be used between the login UI and authentication

-postAuth

Specifies the mechanism to be used after authentication

Examples

Consider the following commonly used authchanger commands:

Command

Description

/usr/local/bin/authchanger -print

Displays the current authorization database settings.

/usr/local/bin/authchanger -reset -OIDC

Ensures the authorization database is reset to factory defaults, and then enables Jamf Connect Login with OpenID Connect IdPs with the loginwindow.

Related Information

For related information about adding non-default mechanisms to Jamf Connect Login, see Additonal Mechanisms.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.