Modify pwpolicy in Sierra

I am trying to modify the default Sierra password policies through pwpolicy, trying, for example, to lower the depth of password history from 24 to 1 by running the following as a sudoer:

sudo pwpolicy setaccountpolicies "policyAttributePasswordHistoryDepth=1"

But it is not working. The error message is:

Error: Policy file not found

The policyIdentifier I am trying to change, which gets listed (with many more) when running pwpolicy getaccountpolicies, reads like this:

<key>policyIdentifier</key>             
<string>ProfilePayload:[HASHED_VALUE]:pinHistory</string>           
<key>policyParameters</key>             
<dict>
  <key>policyAttributePasswordHistoryDepth</key>
  <integer>24</integer>             
</dict>

What is the proper way of doing it?


Solution 1:

OK, this is how I finally resolved it, though I am not sure if it is the most proper way.

As @patrix pointed out, pwpolicy setaccountpolicies requires the path of an XML file with the policies.

pwpolicy getaccountpolicies gives the current global policies in XML format, so I redirected the output to a file with pwpolicy getaccountpolicies > file.plist, removing any info messages the command might write and leaving only the XML structure.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>policyCategoryPasswordChange</key>
    <array>
    ...
    </array>
</dict>
</plist>

Then, in the file I created (file.plist), I changed the value I wanted to modify in my case:

<key>policyIdentifier</key>             
<string>ProfilePayload:[HASHED_VALUE]:pinHistory</string>           
<key>policyParameters</key>             
<dict>
  <key>policyAttributePasswordHistoryDepth</key>
  <integer>2</integer>             
</dict>

Finally I used that file to update the policy: pwpolicy setaccountpolicies /path/to/file.plist
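
The export, clean and edit steps from the answer above can be scripted instead of done by hand. This is an added example, not part of the original answer: the sample output, its leading info line and the identifier ProfilePayload:EXAMPLE:pinHistory are constructed, and the function names are hypothetical.

```python
import plistlib

KEY = "policyAttributePasswordHistoryDepth"

# Constructed stand-in for `pwpolicy getaccountpolicies` output: one info
# line, then the plist. Identifier and info line are placeholders.
SAMPLE_OUTPUT = b"""Getting global account policies
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>policyCategoryPasswordChange</key>
    <array>
        <dict>
            <key>policyIdentifier</key>
            <string>ProfilePayload:EXAMPLE:pinHistory</string>
            <key>policyParameters</key>
            <dict>
                <key>policyAttributePasswordHistoryDepth</key>
                <integer>24</integer>
            </dict>
        </dict>
    </array>
</dict>
</plist>
"""

def extract_plist(raw: bytes) -> dict:
    """Discard anything printed before the XML declaration, then parse."""
    start = raw.find(b"<?xml")
    if start < 0:
        raise ValueError("no plist found in pwpolicy output")
    return plistlib.loads(raw[start:])

def set_history_depth(policies: dict, depth: int) -> int:
    """Update every policy carrying KEY; return how many were changed."""
    changed = 0
    for category in policies.values():
        for policy in category if isinstance(category, list) else []:
            params = policy.get("policyParameters") if isinstance(policy, dict) else None
            if isinstance(params, dict) and KEY in params:
                params[KEY] = depth
                changed += 1
    return changed

def rewrite(raw: bytes, depth: int) -> bytes:
    """Return a plist ready for `pwpolicy setaccountpolicies <file>`."""
    policies = extract_plist(raw)
    if set_history_depth(policies, depth) == 0:
        raise KeyError(f"{KEY} not present in any policy")
    return plistlib.dumps(policies)
```

Write the bytes returned by rewrite() to a file and pass its path to pwpolicy setaccountpolicies, as in the last step of the answer.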