Re: [Fed-Talk] Password policy for non-networked Macs
- Subject: Re: [Fed-Talk] Password policy for non-networked Macs
- From: Ruben Brochner <email@hidden>
- Date: Thu, 09 Sep 2010 16:18:18 -0400
Matthew,
The following command issued by a local administrator should set the global password policy for "Standard" accounts:
sudo pwpolicy -n /Local/Default -setglobalpolicy "minChars=14 requiresAlpha=1 requiresNumeric=1 requiresMixedCase=1 requiresSymbol=1 passwordCannotBeName=1 maxFailedLoginAttempts=3 minutesUntilFailedLoginReset=60 notGuessablePattern=1 maxMinutesUntilChangePassword=86400"
Please note that pwpolicy limitations do not apply to "Administrator" accounts even though the System Preferences Account pane might lead an administrative user to believe that they do. This can result in a password being changed even though the system has informed a user that his new password was too short, etc. Also, the limitations do not apply during the creation of an account by an administrator.
- Ruben
On Sep 9, 2010, at 3:36 PM, Matthew Smith wrote:
> We have a number of Mac Pros we just got for our organization. We need to require 14-character passwords with upper and lowercase letters and a symbol and a number as might be expected. However, no Macs are allowed on the base network, and there will be no server linking these. I have tried to locally use the pwpolicy CLI tool to do this, but I keep getting:
>
> ***Error: eDSAuthFailed : (-14090) for dsDoDirNodeAuth
> Method = dsAuthMethodStandard:dsAuthSetPasswd
>
> when I try any commands for global or even individual users. I'm putting in my admin password when asked for a password to execute the command. When I do a -getglobalpolicy, I do see all the default settings though. I feel there's some step I'm missing to either set up or activate the password server so I can make changes to it... any advice?
>
> Yours,
> TSgt Matthew Smith
> The USAF Band
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
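Added example (not part of the original message and not Apple's tooling): a shell check that compares a global policy string, in the space-separated key=value form passed to -setglobalpolicy above, against the values in that command. The function names, the baseline table and the WEAK sample are constructed for illustration; the check covers the global policy only, so the caveat above about Administrator accounts still applies.

```shell
#!/bin/bash
# Audit a pwpolicy global policy string against the baseline from the message.
# On a Mac: audit_policy "$(pwpolicy -n /Local/Default -getglobalpolicy)"

# Constructed samples: the policy string from the message, and a weak one.
COMPLIANT='minChars=14 requiresAlpha=1 requiresNumeric=1 requiresMixedCase=1 requiresSymbol=1 passwordCannotBeName=1 maxFailedLoginAttempts=3 minutesUntilFailedLoginReset=60 notGuessablePattern=1 maxMinutesUntilChangePassword=86400'
WEAK='minChars=8 requiresAlpha=1 requiresNumeric=1 maxFailedLoginAttempts=0'

# Baseline as "key operator value"; operators are test(1) integer operators.
BASELINE='minChars ge 14
requiresAlpha eq 1
requiresNumeric eq 1
requiresMixedCase eq 1
requiresSymbol eq 1
passwordCannotBeName eq 1
notGuessablePattern eq 1
maxFailedLoginAttempts le 3
maxMinutesUntilChangePassword le 86400'

# Print the value of key $2 in policy string $1; return 1 if the key is absent.
policy_value() {
    local pair
    for pair in $1; do
        case "$pair" in
            "$2"=*) printf '%s\n' "${pair#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Print one FAIL line per unmet requirement; return 0 only if all are met.
audit_policy() {
    local policy="$1" key op want have failed=0
    while read -r key op want; do
        have=$(policy_value "$policy" "$key") || have=''
        case "$have" in
            ''|*[!0-9]*) echo "FAIL $key: missing or non-numeric"; failed=1; continue ;;
        esac
        # Assumption: for an upper-bound ("le") setting, 0 means the limit is disabled.
        if [ "$op" = le ] && [ "$have" -eq 0 ]; then
            echo "FAIL $key: 0 (limit disabled)"; failed=1
        elif ! [ "$have" "-$op" "$want" ]; then
            echo "FAIL $key: have $have, need -$op $want"; failed=1
        fi
    done <<EOF
$BASELINE
EOF
    return $failed
}
```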