Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2908: How to enable password reminder messages for Mac OS X

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:08 AM

Applies to: Centrify DirectControl for Mac OS X

Question:

Does Centrify have group policy options to manage or customize the password reminder prompt for Mac OS X?


Answer:
  • Centrify DirectControl has several policy options to enable message prompts for different account conditions including password error, password expiration and account lockout.
  • However, only the "Set password expiry approaching text" will produce a prompt at the main GUI login screen.
  • The other messages will only appear for command-line logins, such as when using SSH or Terminal to log an AD account into the Mac.

NOTE: The prompt only appears during login - it does NOT appear when switching between user sessions via Fast User Switching as those are not user logins.


The GP can be found at:
  • Computer Configuration / Centrify Settings / DirectControl Settings / Password Prompts / "Set password expiry approaching text"
(Note: The centrifydc_settings.xml template needs to be added into the GPO for this policy to be visible)


By default, the reminder prompt is set to appear 14 days before the users password is due to expire. 
This value can also be configured via the GP at:
  • Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options / "Interactive Logon: Prompt user to change password before expiration"

Note that the above settings can also be manually configured on a per-machine basis by editing the configuration file at: /etc/centrifydc/centrifydc.conf

Search for the following parameters within the file for a description of how to configure them:
  • pam.password.expiry.warn
  • pam.password.expiry.warn.mesg

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.