Check when a user's local password expires

Thrawnium06
New Contributor II

Hello,

We have set in a profile that a password expires after 500 days.
Now we want to know how long the user has until he has to change the password.
How can I find out when a password expires on a Mac?

We currently have an extension attribute:

#!/bin/bash

# Get the user logged in at the console (ignores the loginwindow pseudo-user)
loggedInUser=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')

# Date the password was last changed or created (passwordLastSetTime is in epoch seconds)
setPassEpoch=$(sudo dscl . -read "/Users/$loggedInUser" accountPolicyData | tail -n +2 | plutil -extract passwordLastSetTime xml1 -o - -- - | sed -n "s/<real>\([0-9]*\).*/\1/p")
setPassDate=$(date -r "$setPassEpoch" +"%Y-%m-%d")

# Global policy from the configuration profile; the first 32 characters of the
# pwpolicy output are skipped so that only the plist remains.
# mktemp replaces the fixed file name in /private/tmp, which is world-writable.
pwPolicyFile=$(mktemp /private/tmp/pwGlobalPolicy.XXXXXX)
pwGlobalPolicy=$(pwpolicy -getaccountpolicies)
printf '%s\n' "${pwGlobalPolicy:32}" > "$pwPolicyFile"
pwGlobalPolicy=$(/usr/libexec/PlistBuddy -c 'print :policyCategoryPasswordChange:0:policyParameters:policyAttributeExpiresEveryNDays' "$pwPolicyFile")
rm -f "$pwPolicyFile"

# Days elapsed between "setPassDate" and the current date
result=$(( ($(date +%s) - $(date -j -f "%Y-%m-%d" "$setPassDate" +%s)) / (60 * 60 * 24) ))

# Days remaining until the password expires
echo "<result>$((pwGlobalPolicy - result))</result>"


But this script calculates the time.
It checks when the password was last changed, and checks how many days it takes for the password to expire in our profile, and uses these two pieces of information to calculate the days until the password will expire.
The script basically works, but is there a "cleaner" way?
So does Apple have a function where you can read this out directly and no longer have to calculate it manually?

Thanks for all the input!
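
The same calculation done directly on epoch seconds, with no temporary file and no date round trip, as an added example that is not part of the original post and not an Apple-provided function. The function names and the sample plist are constructed for illustration, and the parser assumes the `<real>` value sits on the line after its key, as in XML plist output.

```bash
#!/bin/bash
# Added example; function names and sample data are hypothetical/constructed.

# Constructed sample of a user's accountPolicyData plist.
SAMPLE_POLICY_DATA='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
	<key>creationTime</key>
	<real>1690000000.5</real>
	<key>failedLoginCount</key>
	<integer>0</integer>
	<key>passwordLastSetTime</key>
	<real>1700000000.123456</real>
</dict>
</plist>'

# Read an accountPolicyData plist on stdin and print passwordLastSetTime
# as whole epoch seconds. Exits non-zero when the key is missing.
last_set_epoch() {
    awk '
        /<key>passwordLastSetTime<\/key>/ { want = 1; next }
        want {
            if ($0 ~ /<real>/) {
                gsub(/.*<real>|<\/real>.*/, "")
                sub(/\..*/, "")      # drop fractional seconds
                print; found = 1
            }
            exit
        }
        END { exit !found }
    '
}

# Args: last_set_epoch max_days [now_epoch]. Prints days remaining;
# the value is negative once the password has expired.
days_until_expiry() {
    local last="$1" max="$2" now="${3:-$(date +%s)}" v
    for v in "$last" "$max" "$now"; do
        case $v in ''|*[!0-9]*) return 2 ;; esac   # reject empty or non-numeric input
    done
    echo $(( max - (now - last) / 86400 ))
}

# Demo with the constructed data: 500-day policy, 100 days after the last change.
epoch=$(printf '%s\n' "$SAMPLE_POLICY_DATA" | last_set_epoch)
echo "<result>$(days_until_expiry "$epoch" 500 1708643600)</result>"
```

On a Mac, `last_set_epoch` would be fed the output of the `dscl . -read ... accountPolicyData | tail -n +2` pipeline from the script above.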
