EA to determine whether current user is logging in with "iCloud password" feature

Contributor III

We are using the pwpolicy binary to set the password complexity requirements of managed Macs. Unfortunately, there's a big loophole in this policy in Yosemite. Using an iCloud password instead of a standard local account password exempts you from pwpolicy settings.


There's little we can do about preventing people from using iCloud password, but we can report on which people are using iCloud password to log in using this extension attribute:


Expected output:
- Starts with "True" if iCloud password is in use.
- Starts with "False" if iCloud password is not in use, or OS is 10.9 or earlier.
- Starts with "Unknown" if we can't tell (e.g. nobody is logged in).