Hi team! We are trying to use osquery with the

pwd_policy

table and whenever we call the

days_to_expiration

value, it always comes back empty, regardless of the host we query. Any ideas why?

Hello @Billy H thanks for reaching out, sorry to hear your having trouble with that table. We should be able to take a look. Would you mind letting me know which version of Fleet your currently running?

Thanks @Matt Rebelo we are on fleet v4.70.1!

Excellent! Thanks for confirming. Are you expecting a password expiration, as in is one set for that host? Which may seem like an odd question, but macOS for example doesn't have password expiry on by default and would likely return an empty table.

Yes we have the password maximum age to 365 days via MDM config

Excellent! I know that seemed silly to ask, but I appreciate you checking! If possible could you double check the logs for this host? Feel free to DM them to me if you didn't want them visible publicly in this channel. Ultimately in the error logs we should be looking for something like the following

get policyAttributeDaysUntilExpiration failed

That's the error that's supposed to be output when there's no value

policyAttributeDaysUntilExpiration

and could indicate there is something wrong with the password expiration config.

hey matt, I can't find the string

policyAttributeDaysUntilExpiration

any where in the logs, tried rerunning the query and researching for it but no luck

Thanks for the update and additional info, I'm going to loop in our engineering team and double check if there is anything else we need to check here, or if we need to open up a potential bug report.