Chapter 6 Managing User Authentication Using Workgroup Manager 107
If you change the password of an account whose password type is Open Directory and
the account resides in the LDAP directory of an Open Directory master or replica,
the change is synchronized with the master and its replicas. Mac OS X Server
synchronizes changes to Open Directory passwords among a master and its replicas.
Changing a User’s Password Type
You can set the password type in the Advanced pane of Workgroup Manager to one
of the following:
• Open Directory: Enables multiple legacy authentication methods and also enables
single sign-on Kerberos authentication if the user’s account is in the LDAP directory
of an Open Directory master or replica.
Open Directory passwords are stored separately from the directory domain in the
Open Directory Password Server database and the Kerberos KDC. See “Changing the
Password Type to Open Directory” on page 107.
• Shadow password: Enables multiple legacy authentication methods for user accounts
in the local directory domain. Shadow passwords are stored separately from the
directory domain in files readable only by the root user account. See “Changing the
Password Type to Shadow Password” on page 109.
• Crypt password: Provides basic authentication for a user account in a shared
directory domain. A crypt password is stored in the user account record in the
directory domain. A crypt password is required to log in to Mac OS X v10.1 or earlier.
See “Changing the Password Type to Crypt Password” on page 109.
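The following is an added example, not taken from the guide: a small audit script that sorts accounts into the three password types above so that accounts still holding a crypt password in the account record can be found. It assumes the accounts' AuthenticationAuthority attribute values (an attribute this page does not mention) have already been exported from the directory, for example with dscl; the record names and values are constructed sample data.

```python
# Added example. Record names and attribute values are constructed sample data.
SAMPLE_RECORDS = {
    "alice": [
        ";ApplePasswordServer;0x00000000000000000000000000000001,<public-key>:192.0.2.10",
        ";Kerberosv5;;alice@EXAMPLE.COM;EXAMPLE.COM;<public-key>",
    ],
    "bob": [";ShadowHash;"],
    "carol": [";basic;"],
    "dave": [],  # attribute absent: the account falls back to basic (crypt)
    "erin": [";ShadowHash;HASHLIST:<SALTED-SHA1,SMB-NT>"],
}


def authority_tags(values):
    """Return the authority tags found in 'version;tag;data' strings."""
    tags = set()
    for value in values:
        parts = value.strip().split(";", 2)
        if len(parts) >= 2 and parts[1]:
            tags.add(parts[1])
    return tags


def password_type(values):
    """Map one account's AuthenticationAuthority values to a password type."""
    tags = authority_tags(values)
    if "ApplePasswordServer" in tags:
        return "Open Directory"   # Password Server database / Kerberos KDC
    if "ShadowHash" in tags:
        return "Shadow password"  # root-only files outside the directory domain
    if not tags or "basic" in tags:
        return "Crypt password"   # hash kept in the user account record
    return "Other"


def audit(records):
    """Return {name: {'type': ..., 'kerberos_sso': bool}} sorted by name."""
    report = {}
    for name, values in sorted(records.items()):
        tags = authority_tags(values)
        report[name] = {"type": password_type(values),
                        "kerberos_sso": "Kerberosv5" in tags}
    return report


def crypt_accounts(records):
    """Accounts whose password hash is stored in the account record itself."""
    return [n for n, r in audit(records).items() if r["type"] == "Crypt password"]


if __name__ == "__main__":
    for name, row in audit(SAMPLE_RECORDS).items():
        print(f"{name:6} {row['type']:16} kerberos_sso={row['kerberos_sso']}")
    print("crypt passwords:", crypt_accounts(SAMPLE_RECORDS))
```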
Changing the Password Type to Open Directory
Using Workgroup Manager, you can specify that a user account have an Open
Directory password stored in secure databases apart from the directory domain. User
accounts in the following directory domains can have Open Directory passwords:
• LDAP directory domain on Mac OS X Server v10.3–v10.6
• Local directory domain of Mac OS X Server v10.3 or a server upgraded from v10.3
• Directory domain on Mac OS X Server v10.2 that is configured to use a
Password Server
The Open Directory password type supports single sign-on using Kerberos
authentication. It also supports the Open Directory Password Server, which offers
Simple Authentication and Security Layer (SASL) authentication protocols, including
APOP, CRAM-MD5, DHX, Digest-MD5, MS-CHAPv2, NTLMv2, NTLM (also referred to as
Windows NT or SMB-NT), LAN Manager (LM), and WebDAV-Digest.