Sets OS X Password Policies
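#!/bin/sh
###################################################################################
## Build a pwpolicy account-policy plist, apply it, then delete the staged file.
## pwpolicy is called without -u below, so the policy is not tied to one account.
## Use "sudo pwpolicy -getaccountpolicies" to see it
## (or "sudo pwpolicy -u <user> -getaccountpolicies" for a single account),
## and "sudo pwpolicy -u <user> -clearaccountpolicies" to clear it.
##
## Tested on: OS X 10.10 10.11 10.12
####################################################################################

# The script runs as root, so resolve id, mktemp, plutil, pwpolicy and rm from
# system directories only instead of trusting the caller's PATH.
PATH=/usr/bin:/bin:/usr/sbin:/sbin
export PATH

#########################################
# Make sure only root can run our script
#
if [ "$(id -u)" != "0" ]; then
  echo "Please run this script as root" 1>&2
  exit 1
fi

##########################################
# Stage the policy in a private, unpredictable file.
# /private/var/tmp is writable by every local user; a fixed file name written
# by root there can be pre-created or symlinked by another account. mktemp
# creates the file exclusively, and the umask keeps it readable by root only.
umask 077
policy_file=$(mktemp /private/var/tmp/pwpolicy.XXXXXX) || {
  echo "Could not create a temporary policy file" 1>&2
  exit 1
}
# Remove the staged file on every exit path, including interruption.
trap 'rm -f -- "$policy_file"' EXIT
trap 'exit 1' HUP INT TERM

# A quoted here-document is used instead of echo "...": inside a double-quoted
# echo the XML's own double quotes end the shell string, so the attribute quotes
# (version="1.0", the DOCTYPE identifiers) never reached the file, and the XML
# declaration was preceded by a blank line.
#
# Length rule: the regex is what gets enforced, and it requires 10 characters.
# The label and minimumLength previously said 8; they now state the enforced
# value. To change the minimum, change all three together.
# NOTE(review): the upper-case rule uses the parameter key
# minimumAlphaCharacters - confirm that is the intended key name.
cat > "$policy_file" <<'EOF' || { echo "Could not write the policy file" 1>&2; exit 1; }
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>policyCategoryPasswordContent</key>
  <array>
    <dict>
      <key>policyContent</key>
      <string>policyAttributePassword matches '.{10,}+'</string>
      <key>policyIdentifier</key>
      <string>Has at least 10 characters</string>
      <key>policyParameters</key>
      <dict>
        <key>minimumLength</key>
        <integer>10</integer>
      </dict>
    </dict>
    <dict>
      <key>policyContent</key>
      <string>policyAttributePassword matches '(.*[a-z].*){1,}+'</string>
      <key>policyIdentifier</key>
      <string>Has a lower case letter</string>
      <key>policyParameters</key>
      <dict>
        <key>minimumAlphaCharactersLowerCase</key>
        <integer>1</integer>
      </dict>
    </dict>
    <dict>
      <key>policyContent</key>
      <string>policyAttributePassword matches '(.*[A-Z].*){1,}+'</string>
      <key>policyIdentifier</key>
      <string>Has an upper case letter</string>
      <key>policyParameters</key>
      <dict>
        <key>minimumAlphaCharacters</key>
        <integer>1</integer>
      </dict>
    </dict>
    <dict>
      <key>policyContent</key>
      <string>policyAttributePassword matches '(.*[^a-zA-Z0-9].*){1,}+'</string>
      <key>policyIdentifier</key>
      <string>Has a special character</string>
      <key>policyParameters</key>
      <dict>
        <key>minimumSymbols</key>
        <integer>1</integer>
      </dict>
    </dict>
    <dict>
      <key>policyContent</key>
      <string>none policyAttributePasswordHashes in policyAttributePasswordHistory</string>
      <key>policyIdentifier</key>
      <string>Does not match any of last 5 passwords</string>
      <key>policyParameters</key>
      <dict>
        <key>policyAttributePasswordHistoryDepth</key>
        <integer>5</integer>
      </dict>
    </dict>
  </array>
</dict>
</plist>
EOF

###################################################
# Check the plist before touching the live policy: the next step clears the
# existing policy, so a malformed file must be caught while the old one is
# still in force.
if ! plutil -lint "$policy_file" >/dev/null; then
  echo "Generated policy file is not a valid plist; existing policy left unchanged" 1>&2
  exit 1
fi

# clear account policy before loading a new one
if ! pwpolicy -clearaccountpolicies; then
  echo "Could not clear the existing account policies" 1>&2
  exit 1
fi

if ! pwpolicy -setaccountpolicies "$policy_file"; then
  # The old policy is already gone at this point, so say so explicitly rather
  # than reporting success with no password policy in effect.
  echo "Failed to apply the new policy; account policies were cleared and NOT replaced" 1>&2
  exit 1
fi

# The staged plist is deleted by the EXIT trap.
echo "Password policy successfully applied. Run \"sudo pwpolicy -getaccountpolicies\" to see it."
exit 0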