
Chapter 6 Managing User Authentication Using Workgroup Manager 111
Administrator accounts are exempt from password policies. Each user can have an
individual password policy that overrides global password policy settings. For more
information, see “Setting Password Policies for Individual Users” on page 112.
Kerberos and Open Directory Password Server maintain password policies separately.
Mac OS X Server synchronizes the Kerberos password policy rules with Open Directory
Password Server password policy rules.
To change the global password policy of user accounts in the same domain:
1 Open Server Admin and connect to an Open Directory master or replica server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Open Directory.
4 Click Settings, then click Policies.
5 Click Passwords, then set the password policy options you want enforced for users
who do not have individual password policies.
If you select an option that requires resetting the password, remember that some
service protocols don’t permit users to change passwords. For example, users can’t
change their passwords when authenticating for IMAP mail service.
6 Click Save.
Replicas of the Open Directory master inherit its global password policy.
From the command line:
To change the global password policy of user accounts:
$ pwpolicy -a authenticator -setglobalpolicy "option=value..."
For example, to require that an authenticator’s password be a minimum of 12
characters and have no more than 3 failed login attempts, enter the following in a
Terminal window, where authenticator is the authenticator’s name.
$ pwpolicy -a authenticator -setglobalpolicy "minChars=12 maxFailedLoginAttempts=3"
Parameter       Description
authenticator   The authenticator’s name.
option          The password policy option being changed. For information
                about available policy options, see the pwpolicy man page.
value           The value of the password policy.
For information about pwpolicy, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.
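
The following script is an added example, not part of the original guide: it audits a global policy string against the baseline used in the example above (minChars=12, maxFailedLoginAttempts=3). The function names and sample strings are constructed for illustration, and it assumes the policy is supplied in the same space-separated option=value form that -setglobalpolicy takes.

```shell
#!/bin/sh
# Added example: audit a pwpolicy global policy string against the baseline
# from the guide's example (minChars=12, maxFailedLoginAttempts=3).

# get_opt POLICY KEY -> prints the value of KEY; returns 1 if KEY is absent.
get_opt() {
    for pair in $1; do
        case "$pair" in
            "$2"=*) printf '%s\n' "${pair#*=}"; return 0 ;;
        esac
    done
    return 1
}

# check_policy POLICY -> prints one line per finding; returns 0 if compliant.
check_policy() {
    policy=$1
    rc=0
    min=$(get_opt "$policy" minChars) || min=
    max=$(get_opt "$policy" maxFailedLoginAttempts) || max=
    # Treat a missing or non-numeric value as 0 so it fails the check.
    case "$min" in ''|*[!0-9]*) min=0 ;; esac
    case "$max" in ''|*[!0-9]*) max=0 ;; esac
    if [ "$min" -lt 12 ]; then
        echo "FAIL minChars=$min (baseline: at least 12)"; rc=1
    fi
    # Assumption: 0 or a missing key means no lockout limit is enforced.
    if [ "$max" -lt 1 ] || [ "$max" -gt 3 ]; then
        echo "FAIL maxFailedLoginAttempts=$max (baseline: 1 to 3)"; rc=1
    fi
    return $rc
}

# Constructed sample strings (not captured from a real server).
GOOD_POLICY="usingHistory=0 minChars=12 maxFailedLoginAttempts=3"
WEAK_POLICY="usingHistory=0 minChars=8 maxFailedLoginAttempts=0"

check_policy "$GOOD_POLICY" && echo "GOOD_POLICY: compliant"
check_policy "$WEAK_POLICY" || echo "WEAK_POLICY: drift from baseline"
```

On a server, the string to audit can come from pwpolicy -getglobalpolicy, assuming its output uses the same option=value form.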