Specifications
136 Chapter 8 Managing User and Group Accounts
To set the password policy of a user to require that they change their password:
$ pwpolicy -n /LDAPv3/
ldap.apple.com
-a
adminusername
-p
adminpassword
-u
usertochange
-setpolicy "newPasswordRequired=
1
"
Finding User Account Information
Use the dscacheutil tool to gather information and statistics by querying the Directory
Service cache. You can also interactively use it to find out user account information.
To view a user’s account information:
$ dscacheutil -q user -a name jdoe
name: jdoe
password: ********
uid: 501
gid: 501
dir: /Users/jdoe
shell: /bin/csh
gecos: John Doe
To view all user accounts:
$ dscacheutil -q user
For more information about dscacheutil, see its man page.
Parameter Description
ldap.apple.com
Location of the LDAP directory.
adminusername
User name of an administrator.
adminpassword
Administrator password. (Omit to prompt for the password.)
usertochange
User name of the user whose password is changing.
newPasswordRequired
A value of 1 prompts the user to enter a new password.