setting pwpolicy_file #273

Closed
opened 2026-01-19 18:29:53 +00:00 by michael · 2 comments

Originally created by @GregoryEAllen on GitHub.

Problem to solve

As far as I can tell, there's no programmatic way to set pwpolicy_file in the generated compliance script.

Perhaps it'd be useful to add an option:

generate_guidance.py --pwpolicy_file=/path/to/pwpolicy.xml

This would be a fairly small patch.

Intended users

Anyone that wants to use a pwpolicy_file

I apologize if I'm missing it somewhere in the docs.


@robertgendler commented on GitHub:

This is closed. The feature is not planned as the future with password policies is DDM and NIST 800-63 and the one executive order outlines not to have complex password policies.


@GregoryEAllen commented on GitHub:

@robertgendler said on #90

> As the PR currently exists, it needs an absolute path when fed the option --pwpolicy_file, please re-submit and account for relative paths.

The PR's behavior is that the compliance script will look for the pwpolicy_file relative to its CWD when executing. Although this is expected behavior for relative paths, I agree it's undesirable -- it limits what can be the CWD when the compliance script is run.

Instead, I can have it generate the compliance script to contain the contents of the pwpolicy_file, and save those contents out to a temporary file before setting the policy. That way it doesn't depend on finding an external file.
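The approach proposed in the comment above, sketched as an added example (not code from the PR or from macos_security): a hypothetical generator helper, `render_pwpolicy_block`, emits a shell fragment that embeds the policy text in a quoted heredoc, writes it to a `mktemp` file, applies it and removes it. The `/usr/bin/pwpolicy setaccountpolicies` call, the sample policy and all names are assumptions.

```python
import secrets

# Assumption: command the generated script uses to load a policy file.
APPLY_CMD = "/usr/bin/pwpolicy setaccountpolicies"

# Constructed sample input (not a real policy from the project).
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>policyContent</key>
  <string>policyAttributePassword matches '^.{15,}$'</string>
</dict></plist>
"""

def pick_delimiter(body: str) -> str:
    """Return a heredoc delimiter that equals no line of body."""
    lines = set(body.splitlines())
    while True:
        delim = "PWPOLICY_" + secrets.token_hex(8).upper()
        if delim not in lines:
            return delim

def render_pwpolicy_block(policy_xml: str, apply_cmd: str = APPLY_CMD) -> str:
    """Emit a shell fragment that embeds policy_xml and applies it from a temp file."""
    # The terminating delimiter must start its own line, so end the body with "\n".
    body = policy_xml if policy_xml.endswith("\n") else policy_xml + "\n"
    delim = pick_delimiter(body)
    return (
        "(\n"  # subshell: umask and trap stay local to this block
        "  umask 077  # temp file is private to the invoking user\n"
        "  # mktemp picks an unpredictable name and refuses an existing file\n"
        '  pwpolicy_tmp="$(mktemp "${TMPDIR:-/tmp}/pwpolicy.XXXXXXXX")" || exit 1\n'
        "  trap 'rm -f \"$pwpolicy_tmp\"' EXIT\n"
        "  # quoted delimiter: body is copied literally, no $ or ` expansion\n"
        f"  cat > \"$pwpolicy_tmp\" <<'{delim}'\n"
        f"{body}"
        f"{delim}\n"
        f'  {apply_cmd} "$pwpolicy_tmp" || exit 1\n'
        ")\n"
    )

if __name__ == "__main__":
    print(render_pwpolicy_block(SAMPLE_POLICY), end="")
```

Because the policy travels inside the script, the result no longer depends on the CWD, and the temporary file exists only while the policy is being applied.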

Reference: usnistgov/macos_security#273