salt.modules.mac_shadow

Manage macOS local directory passwords and policies

New in version 2016.3.0.

Note that it is usually better to apply password policies through the creation of a configuration profile.

salt.modules.mac_shadow.del_password(name)

Deletes the account password

Parameters:

name (str) -- The user name of the account

Returns:

True if successful, otherwise False

Return type:

bool

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.del_password username
salt.modules.mac_shadow.get_account_created(name)

Get the date/time the account was created

Parameters:

name (str) -- The username of the account

Returns:

The date/time the account was created (yyyy-mm-dd hh:mm:ss) or 0 if the value is not defined

Return type:

str

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_account_created admin
salt.modules.mac_shadow.get_change(name)

Gets the date on which the password expires

Parameters:

name (str) -- The name of the user account

Returns:

The date the password will expire

Return type:

str

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_change username
salt.modules.mac_shadow.get_expire(name)

Gets the date on which the account expires

Parameters:

name (str) -- The name of the user account

Returns:

The date the account expires

Return type:

str

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_expire username
salt.modules.mac_shadow.get_last_change(name)

Get the date/time the account was changed

Parameters:

name (str) -- The username of the account

Returns:

The date/time the account was modified (yyyy-mm-dd hh:mm:ss) or 0 if the value is not defined

Return type:

str

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_last_change admin
salt.modules.mac_shadow.get_login_failed_count(name)

Get the number of failed login attempts

Parameters:

name (str) -- The username of the account

Returns:

The number of failed login attempts. 0 may mean there are no failed login attempts or the value is not defined

Return type:

str

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_login_failed_count admin
salt.modules.mac_shadow.get_login_failed_last(name)

Get the date/time of the last failed login attempt

Parameters:

name (str) -- The username of the account

Returns:

The date/time of the last failed login attempt on this account (yyyy-mm-dd hh:mm:ss) or 0 if the value is not defined

Return type:

str

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_login_failed_last admin
salt.modules.mac_shadow.get_maxdays(name)

Get the maximum age of the password

Parameters:

name (str) -- The username of the account

Returns:

The maximum age of the password in days

Return type:

int

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_maxdays admin 90
salt.modules.mac_shadow.info(name)

Return information for the specified user

Parameters:

name (str) -- The username

Returns:

A dictionary containing the user's shadow information

Return type:

dict

CLI Example:

salt '*' shadow.info admin
salt.modules.mac_shadow.set_change(name, date)

Sets the date on which the password expires. The user will be required to change their password. Format is mm/dd/yyyy

Parameters:
  • name (str) -- The name of the user account

  • date (date) -- The date the password will expire. Must be in mm/dd/yyyy format.

Returns:

True if successful, otherwise False

Return type:

bool

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_change username 09/21/2016
salt.modules.mac_shadow.set_expire(name, date)

Sets the date on which the account expires. The user will not be able to login after this date. Date format is mm/dd/yyyy

Parameters:
  • name (str) -- The name of the user account

  • date (datetime) -- The date the account will expire. Format must be mm/dd/yyyy.

Returns:

True if successful, False if not

Return type:

bool

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_expire username 07/23/2015
salt.modules.mac_shadow.set_inactdays(name, days)

Set the number if inactive days before the account is locked. Not available in macOS

Parameters:
  • name (str) -- The user name

  • days (int) -- The number of days

Returns:

Will always return False until macOS supports this feature.

Return type:

bool

CLI Example:

salt '*' shadow.set_inactdays admin 90
salt.modules.mac_shadow.set_maxdays(name, days)

Set the maximum age of the password in days

Parameters:
  • name (str) -- The username of the account

  • days (int) -- The maximum age of the account in days

Returns:

True if successful, False if not

Return type:

bool

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_maxdays admin 90
salt.modules.mac_shadow.set_mindays(name, days)

Set the minimum password age in days. Not available in macOS.

Parameters:
  • name (str) -- The user name

  • days (int) -- The number of days

Returns:

Will always return False until macOS supports this feature.

Return type:

bool

CLI Example:

salt '*' shadow.set_mindays admin 90
salt.modules.mac_shadow.set_password(name, password)

Set the password for a named user (insecure, the password will be in the process list while the command is running)

Parameters:
  • name (str) -- The name of the local user, which is assumed to be in the local directory service

  • password (str) -- The plaintext password to set

Returns:

True if successful, otherwise False

Return type:

bool

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' mac_shadow.set_password macuser macpassword
salt.modules.mac_shadow.set_warndays(name, days)

Set the number of days before the password expires that the user will start to see a warning. Not available in macOS

Parameters:
  • name (str) -- The user name

  • days (int) -- The number of days

Returns:

Will always return False until macOS supports this feature.

Return type:

bool

CLI Example:

salt '*' shadow.set_warndays admin 90