Manage macOS local directory passwords and policies
New in version 2016.3.0.
Note that it is usually better to apply password policies through the creation of a configuration profile.
salt.modules.mac_shadow.del_password(name)¶Deletes the account password
| Parameters: | name (str) – The user name of the account |
|---|---|
| Returns: | True if successful, otherwise False |
| Return type: | bool |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.del_password username
salt.modules.mac_shadow.get_account_created(name)¶Get the date/time the account was created
| Parameters: | name (str) – The username of the account |
|---|---|
| Returns: | The date/time the account was created (yyyy-mm-dd hh:mm:ss) |
| Return type: | str |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.get_account_created admin
salt.modules.mac_shadow.get_change(name)¶Gets the date on which the password expires
| Parameters: | name (str) – The name of the user account |
|---|---|
| Returns: | The date the password will expire |
| Return type: | str |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.get_change username
salt.modules.mac_shadow.get_expire(name)¶Gets the date on which the account expires
| Parameters: | name (str) – The name of the user account |
|---|---|
| Returns: | The date the account expires |
| Return type: | str |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.get_expire username
salt.modules.mac_shadow.get_last_change(name)¶Get the date/time the account was changed
| Parameters: | name (str) – The username of the account |
|---|---|
| Returns: | The date/time the account was modified (yyyy-mm-dd hh:mm:ss) |
| Return type: | str |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.get_last_change admin
salt.modules.mac_shadow.get_login_failed_count(name)¶Get the the number of failed login attempts
| Parameters: | name (str) – The username of the account |
|---|---|
| Returns: | The number of failed login attempts |
| Return type: | int |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.get_login_failed_count admin
salt.modules.mac_shadow.get_login_failed_last(name)¶Get the date/time of the last failed login attempt
| Parameters: | name (str) – The username of the account |
|---|---|
| Returns: | The date/time of the last failed login attempt on this account (yyyy-mm-dd hh:mm:ss) |
| Return type: | str |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.get_login_failed_last admin
salt.modules.mac_shadow.get_maxdays(name)¶Get the maximum age of the password
| Parameters: | name (str) – The username of the account |
|---|---|
| Returns: | The maximum age of the password in days |
| Return type: | int |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.get_maxdays admin 90
salt.modules.mac_shadow.info(name)¶Return information for the specified user
| Parameters: | name (str) – The username |
|---|---|
| Returns: | A dictionary containing the user’s shadow information |
| Return type: | dict |
CLI Example:
salt '*' shadow.info admin
salt.modules.mac_shadow.set_change(name, date)¶Sets the date on which the password expires. The user will be required to change their password. Format is mm/dd/yyyy
| Parameters: |
|
|---|---|
| Returns: | True if successful, otherwise False |
| Return type: | |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.set_change username 09/21/2016
salt.modules.mac_shadow.set_expire(name, date)¶Sets the date on which the account expires. The user will not be able to login after this date. Date format is mm/dd/yyyy
| Parameters: |
|
|---|---|
| Returns: | True if successful, False if not |
| Return type: | |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.set_expire username 07/23/2015
salt.modules.mac_shadow.set_inactdays(name, days)¶Set the number if inactive days before the account is locked. Not available in macOS
| Parameters: | |
|---|---|
| Returns: | Will always return False until macOS supports this feature. |
| Return type: |
CLI Example:
salt '*' shadow.set_inactdays admin 90
salt.modules.mac_shadow.set_maxdays(name, days)¶Set the maximum age of the password in days
| Parameters: | |
|---|---|
| Returns: | True if successful, False if not |
| Return type: | |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' shadow.set_maxdays admin 90
salt.modules.mac_shadow.set_mindays(name, days)¶Set the minimum password age in days. Not available in macOS.
| Parameters: | |
|---|---|
| Returns: | Will always return False until macOS supports this feature. |
| Return type: |
CLI Example:
salt '*' shadow.set_mindays admin 90
salt.modules.mac_shadow.set_password(name, password)¶Set the password for a named user (insecure, the password will be in the process list while the command is running)
| Parameters: | |
|---|---|
| Returns: | True if successful, otherwise False |
| Return type: | |
| Raises: | CommandExecutionError on user not found or any other unknown error |
CLI Example:
salt '*' mac_shadow.set_password macuser macpassword
salt.modules.mac_shadow.set_warndays(name, days)¶Set the number of days before the password expires that the user will start to see a warning. Not available in macOS
| Parameters: | |
|---|---|
| Returns: | Will always return False until macOS supports this feature. |
| Return type: |
CLI Example:
salt '*' shadow.set_warndays admin 90
Docs for previous releases are available on readthedocs.org.
Latest Salt release: 2018.3.3
salt.modules.mac_service module