EA to determine whether current user is logging in with "iCloud password" feature

elliotjordan
Contributor III

We are using the pwpolicy binary to set the password complexity requirements of managed Macs. Unfortunately, there's a big loophole in this policy in Yosemite. Using an iCloud password instead of a standard local account password exempts you from pwpolicy settings.

219e70ea7e8741df9fcbe87a4da1c0bc

There's little we can do about preventing people from using iCloud password, but we can report on which people are using iCloud password to log in using this extension attribute:

https://gist.github.com/homebysix/207353d2edf2916de081

Expected output:
- Starts with "True" if iCloud password is in use.
- Starts with "False" if iCloud password is not in use, or OS is 10.9 or earlier.
- Starts with "Unknown" if we can't tell (e.g. nobody is logged in).

0 REPLIES 0