salt.modules.mac_shadow module

Manage macOS local directory passwords and policies

New in version 2016.3.0.

Note that it is usually better to apply password policies through the creation of a configuration profile.

salt.modules.mac_shadow.del_password(name)

Deletes the account password

Parameters:name (str) -- The user name of the account
Returns:True if successful, otherwise False
Return type:bool
Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.del_password username
salt.modules.mac_shadow.get_account_created(name)

Get the date/time the account was created

Parameters:name (str) -- the username of the account
Returns:the date/time the account was created (yyyy-mm-dd hh:mm:ss)
Return type:str
Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_account_created admin
salt.modules.mac_shadow.get_change(name)

Gets the date on which the password expires

Parameters:name (str) -- the name of the user account
Returns:The date the password will expire
Return type:str
Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_change username
salt.modules.mac_shadow.get_expire(name)

Gets the date on which the account expires

Parameters:name (str) -- the name of the user account
Returns:the date the account expires
Return type:str
Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_expire username
salt.modules.mac_shadow.get_last_change(name)

Get the date/time the account was changed

Parameters:name (str) -- the username of the account
Returns:the date/time the account was modified (yyyy-mm-dd hh:mm:ss)
Return type:str
Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_last_change admin
salt.modules.mac_shadow.get_login_failed_count(name)

Get the the number of failed login attempts

Parameters:name (str) -- the username of the account
Returns:The number of failed login attempts
Return type:int
Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_login_failed_count admin
salt.modules.mac_shadow.get_login_failed_last(name)

Get the date/time of the last failed login attempt

Parameters:name (str) -- the username of the account
Returns:the date/time of the last failed login attempt on this account

(yyyy-mm-dd hh:mm:ss) :rtype: str

Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_login_failed_last admin
salt.modules.mac_shadow.get_maxdays(name)

Get the maximum age of the password

Parameters:name (str) -- the username of the account
Returns:the maximum age of the password in days
Return type:int
Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_maxdays admin 90
salt.modules.mac_shadow.info(name)

Return information for the specified user

Parameters:name (str) -- the username
Returns:A dictionary containing the user's shadow information
Return type:dict

CLI Example:

salt '*' shadow.info admin
salt.modules.mac_shadow.set_change(name, date)

Sets the date on which the password expires. The user will be required to change their password. Format is mm/dd/yyyy

Parameters:
  • name (str) -- the name of the user account
  • date (date) -- the date the password will expire. Must be in mm/dd/yyyy

format.

Returns:True if successful, otherwise False
Return type:bool
Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_change username 09/21/2016
salt.modules.mac_shadow.set_expire(name, date)

Sets the date on which the account expires. The user will not be able to login after this date. Date format is mm/dd/yyyy

Parameters:
  • name (str) -- the name of the user account
  • date (datetime) -- the date the account will expire. Format must be

mm/dd/yyyy

Returns:True if successful, False if not
Return type:bool
Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_expire username 07/23/2015
salt.modules.mac_shadow.set_inactdays(name, days)

Set the number if inactive days before the account is locked. Not available in macOS

Parameters:
  • name (str) -- The user name
  • days (int) -- The number of days
Returns:

Will always return False until macOS supports this feature.

Return type:

bool

CLI Example:

salt '*' shadow.set_inactdays admin 90
salt.modules.mac_shadow.set_maxdays(name, days)

Set the maximum age of the password in days

Parameters:
  • name (str) -- the username of the account
  • days (int) -- the maximum age of the account in days
Returns:

True if successful, False if not

Return type:

bool

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_maxdays admin 90
salt.modules.mac_shadow.set_mindays(name, days)

Set the minimum password age in days. Not available in macOS.

Parameters:
  • name (str) -- The user name
  • days (int) -- The number of days
Returns:

Will always return False until macOS supports this feature.

Return type:

bool

CLI Example:

salt '*' shadow.set_mindays admin 90
salt.modules.mac_shadow.set_password(name, password)

Set the password for a named user (insecure, the password will be in the process list while the command is running)

Parameters:name (str) -- The name of the local user, which is assumed to be in the

local directory service

Parameters:password (str) -- The plaintext password to set
Returns:True if successful, otherwise False
Return type:bool
Raises:CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' mac_shadow.set_password macuser macpassword
salt.modules.mac_shadow.set_warndays(name, days)

Set the number of days before the password expires that the user will start to see a warning. Not available in macOS

Parameters:
  • name (str) -- The user name
  • days (int) -- The number of days
Returns:

Will always return False until macOS supports this feature.

Return type:

bool

CLI Example:

salt '*' shadow.set_warndays admin 90