As I understand it, the NSA used to provide Apple with hardening guides for Mac OS X. However, they have not done so for Lion.
Does anyone know where I can get similar information for Lion?
For example, I wish to set global password policy for users who are not on a Mac controlled by an OS X server. The man pages indicate that pwpolicy should do it, but as far as I can tell, pwpolicy does NOTHING to global policy.
After sudoing to root, I issue this command:
# pwpolicy -n /Local/Default -getglobalpolicy
This returns a blank line. If I try to set a global policy:
# pwpolicy -n /Local/Default -setglobalpolicy "usingHistory=10"
This returns with no errors (shown). However, if I ask to see all the global settings again, it once again returns a blank line. Experimenting with resetting the password indicates that the change didn't take.
It appears that Apple is abandoning pwpolicy, but I don't know what I am supposed to use in its place.
If any of you know where I can get this kind of low level administrative help, I would be very appreciative.
Does anyone know where I can get similar information for Lion?
For example, I wish to set global password policy for users who are not on a Mac controlled by an OS X server. The man pages indicate that pwpolicy should do it, but as far as I can tell, pwpolicy does NOTHING to global policy.
After sudoing to root, I issue this command:
# pwpolicy -n /Local/Default -getglobalpolicy
This returns a blank line. If I try to set a global policy:
# pwpolicy -n /Local/Default -setglobalpolicy "usingHistory=10"
This returns with no errors (shown). However, if I ask to see all the global settings again, it once again returns a blank line. Experimenting with resetting the password indicates that the change didn't take.
It appears that Apple is abandoning pwpolicy, but I don't know what I am supposed to use in its place.
If any of you know where I can get this kind of low level administrative help, I would be very appreciative.