Requiring users to update password length

MPL
Contributor II

Hello Jamf Nation,

We are working on a project to require all of our users to update their password lengths from 8 digits to 12 digits.

I already have a configuration profile set up for the minimum passcode length (see below).

Screenshot 2023-06-09 at 2.42.22 PM.png

Additionally, I have a script set up in a policy to grab the user ID and set the device to require a change of password (see below).

# Pulls the current logged in user
currUser=$(ls -l /dev/console | awk '{print $3}')
pwpolicy -u "$currUser" -setpolicy "newPasswordRequired=1"

My question is, is there a way to add to my script to check the length of the current user's password and, if it meets the password requirements, to skip and not require a password change?

2 REPLIES

AJPinto
Honored Contributor II

All you can really do is see what the password requirements are on the device, not whether or not a password meets those requirements as far as I am aware.

If the user's password no longer meets the PW requirements when you update the configuration profile, macOS will force the user to update the password without you needing to do anything else.

MPL
Contributor II

Hello AJPinto,

Thanks for the reply. I set up a configuration profile to test on a machine.

The machine had an 8-digit passcode, and the configuration profile called for a 12-digit passcode.

- It did not require the machine to update the password when applied. The only way it would is if you have "Change at Next Authentication (macOS 10.13 or later)" toggled on to "Enforce".

Without having the option above toggled on, the machine was never prompted to update the password 😥
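
An added example, not part of the original thread or written by either poster: macOS stores only a hash of the password, so its length cannot be read back, but the account's passwordLastSetTime can be compared with the time the 12-character profile was installed, and newPasswordRequired set only for passwords that predate it. Passing the profile install time as epoch seconds in Jamf script parameter 4 is an assumption, and the sample dscl output is constructed.

```shell
#!/bin/sh
# Added example: decide whether to force a password change from timestamps,
# because the password itself (and so its length) cannot be read back.

# Extract passwordLastSetTime (whole epoch seconds) from the text printed by
#   dscl . -read /Users/<user> accountPolicyData
# Prints nothing if the key is absent (e.g. no local policy data).
last_set_epoch() {
    awk '/<key>passwordLastSetTime<\/key>/ {
        getline; gsub(/[^0-9.]/, ""); sub(/\..*/, ""); print; exit }'
}

# Exit 0 (change needed) when the password predates the policy, or when
# either timestamp is missing or non-numeric (fail closed).
needs_change() {
    case "$1" in ''|*[!0-9]*) return 0 ;; esac
    case "$2" in ''|*[!0-9]*) return 0 ;; esac
    [ "$1" -lt "$2" ]
}

# Constructed sample of dscl output, used only for offline checks.
SAMPLE_POLICY_DATA='dsAttrTypeNative:accountPolicyData:
<plist version="1.0">
<dict>
    <key>creationTime</key>
    <real>1600000000.25</real>
    <key>passwordLastSetTime</key>
    <real>1686340000.5</real>
</dict>
</plist>'

# Runs only on macOS and only when parameter 4 holds the epoch at which the
# 12-character profile was installed (hypothetical policy parameter).
if [ "$(uname)" = "Darwin" ] && [ -n "${4:-}" ]; then
    currUser=$(stat -f%Su /dev/console)
    lastSet=$(dscl . -read "/Users/$currUser" accountPolicyData 2>/dev/null | last_set_epoch)
    if needs_change "$lastSet" "$4"; then
        pwpolicy -u "$currUser" -setpolicy "newPasswordRequired=1"
    else
        echo "$currUser changed password after the profile; skipping"
    fi
fi
```

A password set after the profile arrived had to satisfy the 12-character minimum at the time it was chosen, which is why the timestamp comparison can stand in for a length check.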