[OVAL DEVELOPER] Mac pwpolicy test includes 'password' in the clear?

Ulmer, John R CIV USN SPAWARSYSCEN LANT SC (US) john.r.ulmer6.civ at mail.mil
Wed Aug 17 10:41:46 EDT 2016

If this has been discussed/settled, please just point me to the discussion.  I searched and did not find anything addressing this directly.

In the Mac OSX pwpolicy59 object, the schema requires a 'userpass' that is used to authenticate to a non-local node.  I not would think the storing of a valid username and password in an open XML document would be a good idea.  There is the option of using the 'xsi:nil' attribute to leave the username and userpass elements empty.  But, in that case, no authentication is performed against a non-local node.  

So, we either have a password in the open or we cannot authenticate to a non-local node?

John R. Ulmer
SPAWAR Systems Center Atlantic
john.r.ulmer6.civ at mail.mil


More information about the OVAL_Developer mailing list