W3cubDocs

/SaltStack

salt.modules.mac_shadow module

Manage macOS local directory passwords and policies

New in version 2016.3.0.

Note that it is usually better to apply password policies through the creation of a configuration profile.

salt.modules.mac_shadow.del_password(name)

Deletes the account password

Parameters: name (str) -- The user name of the account
Returns: True if successful, otherwise False
Return type: bool
Raises: CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.del_password username

salt.modules.mac_shadow.get_account_created(name)

Get the date/time the account was created

Parameters: name (str) -- The username of the account
Returns: The date/time the account was created (yyyy-mm-dd hh:mm:ss)
Return type: str
Raises: CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_account_created admin

salt.modules.mac_shadow.get_change(name)

Gets the date on which the password expires

Parameters: name (str) -- The name of the user account
Returns: The date the password will expire
Return type: str
Raises: CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_change username

salt.modules.mac_shadow.get_expire(name)

Gets the date on which the account expires

Parameters: name (str) -- The name of the user account
Returns: The date the account expires
Return type: str
Raises: CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_expire username

salt.modules.mac_shadow.get_last_change(name)

Get the date/time the account was changed

Parameters: name (str) -- The username of the account
Returns: The date/time the account was modified (yyyy-mm-dd hh:mm:ss)
Return type: str
Raises: CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_last_change admin

salt.modules.mac_shadow.get_login_failed_count(name)

Get the the number of failed login attempts

Parameters: name (str) -- The username of the account
Returns: The number of failed login attempts
Return type: int
Raises: CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_login_failed_count admin

salt.modules.mac_shadow.get_login_failed_last(name)

Get the date/time of the last failed login attempt

Parameters: name (str) -- The username of the account
Returns: The date/time of the last failed login attempt on this account (yyyy-mm-dd hh:mm:ss)
Return type: str
Raises: CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_login_failed_last admin

salt.modules.mac_shadow.get_maxdays(name)

Get the maximum age of the password

Parameters: name (str) -- The username of the account
Returns: The maximum age of the password in days
Return type: int
Raises: CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.get_maxdays admin 90

salt.modules.mac_shadow.info(name)

Return information for the specified user

Parameters: name (str) -- The username
Returns: A dictionary containing the user's shadow information
Return type: dict

CLI Example:

salt '*' shadow.info admin

salt.modules.mac_shadow.set_change(name, date)

Sets the date on which the password expires. The user will be required to change their password. Format is mm/dd/yyyy

Parameters:
  • name (str) -- The name of the user account
  • date (date) -- The date the password will expire. Must be in mm/dd/yyyy format.
Returns:

True if successful, otherwise False

Return type:

bool

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_change username 09/21/2016

salt.modules.mac_shadow.set_expire(name, date)

Sets the date on which the account expires. The user will not be able to login after this date. Date format is mm/dd/yyyy

Parameters:
  • name (str) -- The name of the user account
  • date (datetime) -- The date the account will expire. Format must be mm/dd/yyyy.
Returns:

True if successful, False if not

Return type:

bool

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_expire username 07/23/2015

salt.modules.mac_shadow.set_inactdays(name, days)

Set the number if inactive days before the account is locked. Not available in macOS

Parameters:
  • name (str) -- The user name
  • days (int) -- The number of days
Returns:

Will always return False until macOS supports this feature.

Return type:

bool

CLI Example:

salt '*' shadow.set_inactdays admin 90

salt.modules.mac_shadow.set_maxdays(name, days)

Set the maximum age of the password in days

Parameters:
  • name (str) -- The username of the account
  • days (int) -- The maximum age of the account in days
Returns:

True if successful, False if not

Return type:

bool

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' shadow.set_maxdays admin 90

salt.modules.mac_shadow.set_mindays(name, days)

Set the minimum password age in days. Not available in macOS.

Parameters:
  • name (str) -- The user name
  • days (int) -- The number of days
Returns:

Will always return False until macOS supports this feature.

Return type:

bool

CLI Example:

salt '*' shadow.set_mindays admin 90

salt.modules.mac_shadow.set_password(name, password)

Set the password for a named user (insecure, the password will be in the process list while the command is running)

Parameters:
  • name (str) -- The name of the local user, which is assumed to be in the local directory service
  • password (str) -- The plaintext password to set
Returns:

True if successful, otherwise False

Return type:

bool

Raises:

CommandExecutionError on user not found or any other unknown error

CLI Example:

salt '*' mac_shadow.set_password macuser macpassword

salt.modules.mac_shadow.set_warndays(name, days)

Set the number of days before the password expires that the user will start to see a warning. Not available in macOS

Parameters:
  • name (str) -- The user name
  • days (int) -- The number of days
Returns:

Will always return False until macOS supports this feature.

Return type:

bool

CLI Example:

salt '*' shadow.set_warndays admin 90

© 2019 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mac_shadow.html