salt.modules.mac_shadow module

Manage macOS local directory passwords and policies

New in version 2016.3.0.

Note that it is usually better to apply password policies through the creation of a configuration profile.

salt.modules.mac_shadow.del_password(name)

Deletes the account password

Parameters

name (str) -- The user name of the account

Returns

True if successful, otherwise False

Return type

bool

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.del_password username
salt.modules.mac_shadow.get_account_created(name)

Get the date/time the account was created

Parameters

name (str) -- The username of the account

Returns

The date/time the account was created (yyyy-mm-dd hh:mm:ss)

Return type

str

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_account_created admin
salt.modules.mac_shadow.get_change(name)

Gets the date on which the password expires

Parameters

name (str) -- The name of the user account

Returns

The date the password will expire

Return type

str

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_change username
salt.modules.mac_shadow.get_expire(name)

Gets the date on which the account expires

Parameters

name (str) -- The name of the user account

Returns

The date the account expires

Return type

str

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_expire username
salt.modules.mac_shadow.get_last_change(name)

Get the date/time the account was changed

Parameters

name (str) -- The username of the account

Returns

The date/time the account was modified (yyyy-mm-dd hh:mm:ss)

Return type

str

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_last_change admin
salt.modules.mac_shadow.get_login_failed_count(name)

Get the the number of failed login attempts

Parameters

name (str) -- The username of the account

Returns

The number of failed login attempts

Return type

int

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_login_failed_count admin
salt.modules.mac_shadow.get_login_failed_last(name)

Get the date/time of the last failed login attempt

Parameters

name (str) -- The username of the account

Returns

The date/time of the last failed login attempt on this account (yyyy-mm-dd hh:mm:ss)

Return type

str

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_login_failed_last admin
salt.modules.mac_shadow.get_maxdays(name)

Get the maximum age of the password

Parameters

name (str) -- The username of the account

Returns

The maximum age of the password in days

Return type

int

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_maxdays admin 90
salt.modules.mac_shadow.info(name, **kwargs)

Return information for the specified user

Parameters

name (str) -- The username

Returns

A dictionary containing the user's shadow information

Return type

dict

CLI Example:

salt '*' shadow.info admin
salt.modules.mac_shadow.set_change(name, date)

Sets the date on which the password expires. The user will be required to change their password. Format is mm/dd/yyyy

Parameters
  • name (str) -- The name of the user account

  • date (date) -- The date the password will expire. Must be in mm/dd/yyyy format.

Returns

True if successful, otherwise False

Return type

bool

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_change username 09/21/2016
salt.modules.mac_shadow.set_expire(name, date)

Sets the date on which the account expires. The user will not be able to login after this date. Date format is mm/dd/yyyy

Parameters
  • name (str) -- The name of the user account

  • date (datetime) -- The date the account will expire. Format must be mm/dd/yyyy.

Returns

True if successful, False if not

Return type

bool

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_expire username 07/23/2015
salt.modules.mac_shadow.set_inactdays(name, days)

Set the number if inactive days before the account is locked. Not available in macOS

Parameters
  • name (str) -- The user name

  • days (int) -- The number of days

Returns

Will always return False until macOS supports this feature.

Return type

bool

CLI Example:

salt '*' shadow.set_inactdays admin 90
salt.modules.mac_shadow.set_maxdays(name, days)

Set the maximum age of the password in days

Parameters
  • name (str) -- The username of the account

  • days (int) -- The maximum age of the account in days

Returns

True if successful, False if not

Return type

bool

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_maxdays admin 90
salt.modules.mac_shadow.set_mindays(name, days)

Set the minimum password age in days. Not available in macOS.

Parameters
  • name (str) -- The user name

  • days (int) -- The number of days

Returns

Will always return False until macOS supports this feature.

Return type

bool

CLI Example:

salt '*' shadow.set_mindays admin 90
salt.modules.mac_shadow.set_password(name, password)

Set the password for a named user (insecure, the password will be in the process list while the command is running)

Parameters
  • name (str) -- The name of the local user, which is assumed to be in the local directory service

  • password (str) -- The plaintext password to set

Returns

True if successful, otherwise False

Return type

bool

Raises

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' mac_shadow.set_password macuser macpassword
salt.modules.mac_shadow.set_warndays(name, days)

Set the number of days before the password expires that the user will start to see a warning. Not available in macOS

Parameters
  • name (str) -- The user name

  • days (int) -- The number of days

Returns

Will always return False until macOS supports this feature.

Return type

bool

CLI Example:

salt '*' shadow.set_warndays admin 90