From 08dc48ec77f8c2a82dfd1ac902a7bec57da84c38 Mon Sep 17 00:00:00 2001
From: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Date: Mon, 4 Mar 2024 15:39:54 -0500
Subject: [PATCH] fix: removed duplicate policies

Removed password policies from the pwpolicy.xml file that can be set with a profile.

Issue #373
---
 includes/pwpolicy.xml | 92 +++----------------------------------------
 1 file changed, 5 insertions(+), 87 deletions(-)

diff --git a/includes/pwpolicy.xml b/includes/pwpolicy.xml
index 3e59a98c..6f468bb8 100644
--- a/includes/pwpolicy.xml
+++ b/includes/pwpolicy.xml
@@ -4,19 +4,6 @@
   <dict>
     <key>policyCategoryAuthentication</key>
     <array>
-      <dict>
-        <key>policyContent</key>
-        <string>(policyAttributeFailedAuthentications &lt; policyAttributeMaximumFailedAuthentications) OR (policyAttributeCurrentTime &gt; (policyAttributeLastFailedAuthenticationTime + autoEnableInSeconds))</string>
-        <key>policyIdentifier</key>
-        <string>Authentication Lockout</string>
-        <key>policyParameters</key>
-        <dict>
-          <key>autoEnableInSeconds</key>
-          <integer>300</integer>
-          <key>policyAttributeMaximumFailedAuthentications</key>
-          <integer>3</integer>
-        </dict>
-      </dict>
       <dict>
         <key>policyContent</key>
         <string>policyAttributeLastAuthenticationTime &gt; policyAttributeCurrentTime - (policyAttributeInactiveDays * 24 * 60 * 60)</string>
@@ -29,20 +16,6 @@
         </dict>
       </dict>
     </array>
-    <key>policyCategoryPasswordChange</key>
-    <array>
-      <dict>
-        <key>policyContent</key>
-        <string>policyAttributeCurrentTime &gt; policyAttributeLastPasswordChangeTime + (policyAttributeExpiresEveryNDays * 24 * 60 * 60)</string>
-        <key>policyIdentifier</key>
-        <string>Password Expires after 60 days</string>
-        <key>policyParameters</key>
-        <dict>
-          <key>policyAttributeExpiresEveryNDays</key>
-          <integer>60</integer>
-        </dict>
-      </dict>
-    </array>
     <key>policyCategoryPasswordContent</key>
     <array>
       <dict>
@@ -56,39 +29,6 @@
           <integer>1</integer>
         </dict>
       </dict>
-      <dict>
-        <key>policyContent</key>
-        <string>policyAttributeLastPasswordChangeTime &lt; policyAttributeCurrentTime - (policyAttributeMinimumLifetimeHours * 60 * 60)</string>
-        <key>policyIdentifier</key>
-        <string>Minimum Password Lifetime</string>
-        <key>policyParameters</key>
-        <dict>
-          <key>policyAttributeMinimumLifetimeHours</key>
-          <integer>24</integer>
-        </dict>
-      </dict>
-      <dict>
-        <key>policyContent</key>
-        <string>policyAttributePassword matches '.{15,}+'</string>
-        <key>policyIdentifier</key>
-        <string>Must be at least 15 characters</string>
-        <key>policyParameters</key>
-        <dict>
-          <key>minimumLength</key>
-          <integer>15</integer>
-        </dict>
-      </dict>
-      <dict>
-        <key>policyContent</key>
-        <string>policyAttributePassword matches '(.*[0-9].*){1,}+'</string>
-        <key>policyIdentifier</key>
-        <string>Must have at least 1 numeric value</string>
-        <key>policyParameters</key>
-        <dict>
-          <key>minimumNumericCharacters</key>
-          <integer>2</integer>
-        </dict>
-      </dict>
       <dict>
         <key>policyContent</key>
         <string>policyAttributePassword matches '(.*[a-z].*){1,}+'</string>
@@ -102,37 +42,15 @@
       </dict>
       <dict>
         <key>policyContent</key>
-        <string>policyAttributePassword matches '(.*[A-Za-z].*){1,}+'</string>
+        <string>policyAttributeLastPasswordChangeTime &lt; policyAttributeCurrentTime - (policyAttributeMinimumLifetimeHours * 60 * 60)</string>
         <key>policyIdentifier</key>
-        <string>Must have at least 1 Letter</string>
+        <string>Minimum Password Lifetime</string>
         <key>policyParameters</key>
         <dict>
-          <key>minimumAlphaCharacters</key>
-          <integer>1</integer>
-        </dict>
-      </dict>
-      <dict>
-        <key>policyContent</key>
-        <string>policyAttributePassword matches '(.*[^a-zA-Z0-9].*){1,}+'</string>
-        <key>policyIdentifier</key>
-        <string>Must have at least 1 special characters</string>
-        <key>policyParameters</key>
-        <dict>
-          <key>minimumSymbols</key>
-          <integer>1</integer>
-        </dict>
-      </dict>
-      <dict>
-        <key>policyContent</key>
-        <string>none policyAttributePasswordHashes in policyAttributePasswordHistory</string>
-        <key>policyIdentifier</key>
-        <string>Cannot match the last 5 passwords</string>
-        <key>policyParameters</key>
-        <dict>
-          <key>policyAttributePasswordHistoryDepth</key>
-          <integer>5</integer>
+          <key>policyAttributeMinimumLifetimeHours</key>
+          <integer>24</integer>
         </dict>
       </dict>
     </array>
   </dict>
-  </plist>
\ No newline at end of file
+</plist>
\ No newline at end of file