Hello, For two updates or so on Mojave I've encountered an issue reg

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

It should have been resolved with commit: <a class="commit-link" data-hovercard-type="

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-ho

[OSX Mojave 10.14.*] pwpolicy command (deprecated features) about hardening HOT 4 CLOSED

ernw commented on August 24, 2024

[OSX Mojave 10.14.*] pwpolicy command (deprecated features)

from hardening.

Comments (4)

Traxes commented on August 24, 2024 1

Hi @sjfbo ,

sorry for the late response. Indeed they deprecated some of the commands in Sierra and now enforced it in Mojave for global settings. However, i managed to bypass it in a simple way.

you can still set the password policy for a single user like the following:
pwpolicy -u ernw -setpolicy "minChars=8 requiresAlpha=1 requiresNumeric=1 maxMinutesUntilChangePassword=259200 usingHistory=5 usingExpirationDate=1 passwordCannotBeName=1 requiresMixedCase=1 requiresSymbol=1"

Now you can get the plist file of the policy like the following:

pwpolicy getaccountpolicies -u ernw > pwpolicy.plist

you may need to delete some output lines from the command to form a valid XML file.
(I only had to delete the line Getting account policies for user <ernw>)

Now you have to be authenticated as the root user (sudo su) and then you can apply the configuration globally using the following command:
pwpolicy setaccountpolicies pwpolicy.plist

Now using the command pwpolicy getaccountpolicies will return the full changed password policy.

I hope this helps. I will close the issue when i made the Pull request to change this in the Hardening Guide :-).

Thanks for your Input!

from hardening.

Traxes commented on August 24, 2024 1

It should have been resolved with commit: e03a231

Thanks again.

from hardening.

sjfbo commented on August 24, 2024

Thank you!

from hardening.

CodingHorrors commented on August 24, 2024

Hi @sjfbo ,

sorry for the late response. Indeed they deprecated some of the commands in Sierra and now enforced it in Mojave for global settings. However, i managed to bypass it in a simple way.

you can still set the password policy for a single user like the following:
pwpolicy -u ernw -setpolicy "minChars=8 requiresAlpha=1 requiresNumeric=1 maxMinutesUntilChangePassword=259200 usingHistory=5 usingExpirationDate=1 passwordCannotBeName=1 requiresMixedCase=1 requiresSymbol=1"

Now you can get the plist file of the policy like the following:

pwpolicy getaccountpolicies -u ernw > pwpolicy.plist

you may need to delete some output lines from the command to form a valid XML file.
(I only had to delete the line Getting account policies for user <ernw>)

Now you have to be authenticated as the root user (sudo su) and then you can apply the configuration globally using the following command:
pwpolicy setaccountpolicies pwpolicy.plist

Now using the command pwpolicy getaccountpolicies will return the full changed password policy.

I hope this helps. I will close the issue when i made the Pull request to change this in the Hardening Guide :-).

Thanks for your Input!

Thank you so much, this helped me immensely!

from hardening.

[OSX Mojave 10.14.*] pwpolicy command (deprecated features) about hardening HOT 4 CLOSED

Comments (4)

Related Issues (6)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent