macos_security icon indicating copy to clipboard operation
macos_security copied to clipboard

Published 20 hours ago verified publisher icon usnistgov

setting pwpolicy_file

Open GregoryEAllen opened this issue 3 years ago • 1 comments

Problem to solve

As far as I can tell, there's no programmatic way to set pwpolicy_file in the generated compliance script.

Perhaps it'd be useful to add an option:

generate_guidance.py --pwpolicy_file=/path/to/pwpolicy.xml

This would be a fairly small patch.

Intended users

Anyone that wants to use a pwpolicy_file

I apologize if I'm missing it somewhere in the docs.

GregoryEAllen avatar Aug 24 '21 15:08 GregoryEAllen

@robertgendler said on #90

As the PR currently exists, it needs an absolute path when fed the option --pwpolicy_file, please re-submit and account for relative paths.

The PR's behavior is that the compliance script will look for the pwpolicy_file relative to its CWD when executing. Although this is expected behavior for relative paths, I agree it's undesirable -- it limits what can be the CWD when the compliance script is run.

Instead, I can have it generate the compliance script to contain the contents of the pwpolicy_file, and save those contents out to a temporary file before setting the policy. That way it doesn't depend on finding an external file.

GregoryEAllen avatar Sep 12 '21 19:09 GregoryEAllen

This is closed. The feature is not planned as the future with password policies is DDM and NIST 800-63 and the one executive order outlines not to have complex password policies.

robertgendler avatar Feb 23 '24 19:02 robertgendler