/ad-password-handler

Program for handling active directory passwords on a linux machine

Primary LanguageJavaMIT LicenseMIT

AD Password Handler

Build Status Code Analysis

Overview

If you are a linux guy trapped in a corporate windows environment with an active directory domain controller and annoying password policies, this tool is for you. It checks the expiration of your active directory password on your linux machine. If the password will expire in a given time, a popup is shown where you can directly change it:

Screenshot

Prerequisites

Installation

  • Create install directory:
sudo mkdir /opt/ad-password-handler
  • Download necessary files:
sudo wget https://raw.githubusercontent.com/chrisipa/ad-password-handler/master/bin/ad-password-handler -O /opt/ad-password-handler/ad-password-handler
sudo wget https://papke.it/jenkins/job/ad-password-handler/lastStableBuild/de.papke%24ad-password-handler/artifact/de.papke/ad-password-handler/1.0.3/ad-password-handler-1.0.3.jar -O /opt/ad-password-handler/ad-password-handler.jar
  • Make starter script executable:
sudo chmod +x /opt/ad-password-handler/ad-password-handler

Configuration

  • Create the config directory:
mkdir ~/.ad-password-handler
  • Create the SMB credentials file with your user account data:
vi ~/.ad-password-handler/smb.properties
...
username=my-username
password=my-password
domain=my-domain
  • Create the AD configuration file with system user account data:
vi ~/.ad-password-handler/ad.properties
...
host=my-ad-controller-hostname-or-ip
port=389
baseDn=DC=my,DC=domain,DC=grp
userDn=CN=Name,OU=Group,OU=Users,OU=Organisation,DC=my,DC=domain,DC=grp
userSecret=Password
  • You can get your AD configuration with a tool called AD-Explorer
  • For security reasons you should be the only one who can read the config directory:
chown -R myuser.mygroup ~/.ad-password-handler
chmod -R 700 ~/.ad-password-handler

Usage

  • Show help text:
/opt/ad-password-handler/ad-password-handler --help
usage: ad-password-handler
 -c,--config-dir <arg>          Config directory with smb credentials and
                                ad configuration
                                [default: ~/.ad-password-handler]
 -d,--days-till-warning <arg>   Days until password expiration to show
                                warning
                                [default: 14]
 -h,--help                      Print this help text
  • Run directly from console:
/opt/ad-password-handler/ad-password-handler
  • Setup as session script:
gnome-session-properties -> add script
  • Share your SMB credentials with fstab:
sudo vi /etc/fstab
...
//10.10.10.1/share /media/share smbfs credentials=/home/myuser/.ad-password-handler/smb.properties,uid=1000,gid=1000 0 0