Manualshelf

Specifications

ManualsBrandsApple ManualsComputer equipmentMac OS X Server Command-Line
101102103104105106107108109110
Chapter 6 Managing User Authentication Using Workgroup Manager 109
Changing the Password Type to Crypt Password
If necessary, you can use Workgroup Manager to specify a crypt password for a users
account. You can only use crypt passwords for a user account in a shared directory
domain. The user account can be part of an LDAP directory domain or a legacy shared
NetInfo domain (only available when connected to a Mac OS X Server v10.4, v10.3,
or v10.2).
User accounts not used on computers that require a crypt password should have an
Open Directory password or a shadow password. A crypt password is required only for
logging in to a computer with Mac OS X v10.1 or earlier and on computers with some
types of UNIX.
A crypt password is stored as an encrypted value, or hash, in the user account record in
the directory domain. Because the crypt password can be recovered from the directory
domain, it is subject to oine attack and is less secure than other password types.
To specify that a user account have a crypt password:
1 In Workgroup Manager, open the account you want to work with (if it is not open).
To open an account, click the Accounts button, then click the Users button. Click the
small globe icon above the list of users and choose from the pop-up menu to open
the directory domain where the users account resides.
Click the lock and authenticate as a directory domain administrator, then select the
user in the list.
2 Click Advanced.
3 From the User Password Type pop-up menu, choose Crypt Password.
4 When prompted, enter and verify a password, then click OK.
A crypt password can be at most eight bytes (eight ASCII characters) long. If you enter
a longer password, only the rst eight bytes are used.
5 Click Save.
Changing the Password Type to Shadow Password
Using Workgroup Manager, you can specify that a user have a shadow password
stored in a secure le apart from the directory domain. Only users whose accounts
reside in the local directory domain can have a shadow password.
To specify that a user account have a shadow password:
1 In Workgroup Manager, open the account you want to work with (if it is not open).
To open an account, click the Accounts button, then click the Users button. Click the
small globe icon above the list of users and choose from the pop-up menu to open
the local directory domain where the users account resides.