
Chapter 6 Managing User Authentication Using Workgroup Manager 113
From the command line:
To change the global password policy of user accounts:
$ pwpolicy -a authenticator -setpolicy -u user "option=value..."
For example, to require that an authenticator’s password be a minimum of 12
characters and have no more than 3 failed login attempts, enter the following in a
Terminal window, where authenticator is the authenticator’s name and user is the
user’s name.
$ pwpolicy -a authenticator -setpolicy -u user "minChars=12 maxFailedLoginAttempts=3"
Parameter       Description
authenticator   The authenticator’s name.
user            The user’s name.
option          The password policy option being changed. For information about available policy options, see the pwpolicy man page.
value           The value of the password policy.
For information about pwpolicy, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.
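The following added example, which is not part of the original guide, audits a policy string in the same option=value form against the values used in the example above (minChars=12, maxFailedLoginAttempts=3). The function names and sample strings are constructed for illustration, and the script assumes that a value of 0 means the option is not enforced.

```shell
#!/bin/sh
# Added example: audit a pwpolicy-style "option=value ..." string against the
# baseline from the example above (minChars=12, maxFailedLoginAttempts=3).
# Assumption: the policy string for a user (for instance, output captured from
# `pwpolicy -getpolicy -u user`) uses this same space-separated form.

# Constructed sample inputs, not taken from a real server.
SAMPLE_OK="minChars=12 maxFailedLoginAttempts=3"
SAMPLE_WEAK="isDisabled=0 usingHistory=0 minChars=8 maxFailedLoginAttempts=0"

# policy_value POLICY OPTION: print OPTION's value; return 1 if it is absent.
policy_value() {
    for pair in $1; do
        case "$pair" in
            "$2"=*) printf '%s\n' "${pair#*=}"; return 0 ;;
        esac
    done
    return 1
}

# audit_policy POLICY: print findings; return 0 if compliant, 1 if weak,
# 2 if a value is not a non-negative integer.
audit_policy() {
    rc=0
    # An option missing from the string is treated like 0 (not enforced).
    min=$(policy_value "$1" minChars) || min=0
    max=$(policy_value "$1" maxFailedLoginAttempts) || max=0
    for v in "$min" "$max"; do
        case "$v" in
            ''|*[!0-9]*) echo "INVALID value: '$v'"; return 2 ;;
        esac
    done
    if [ "$min" -lt 12 ]; then
        echo "FAIL minChars=$min (baseline: at least 12)"; rc=1
    fi
    # Assumption: 0 means "no limit", so it must fail even though 0 <= 3.
    if [ "$max" -eq 0 ] || [ "$max" -gt 3 ]; then
        echo "FAIL maxFailedLoginAttempts=$max (baseline: 1 to 3)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

audit_policy "$SAMPLE_WEAK" || true
```

The 0 case is the one a simple "less than or equal to 3" comparison gets wrong, which is why the script checks it separately.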
Selecting Authentication Methods for Shadow Password Users
Using Workgroup Manager, you can select which authentication methods will be
available for a user account whose password type is Shadow Password.
A shadow password supports available authentication methods for compatibility
with client software. If you know the user will never use client software that requires
an authentication method, you can disable the method. For more information, see
“Disabling Shadow Password Authentication Methods” on page 53.
If you disable an authentication method, its hash is removed from the user’s shadow
password file the next time the user authenticates.
If you enable an authentication method that was disabled, the enabled method’s hash
is added to the user’s shadow password file the next time the user authenticates for a
service that can use a clear text password, such as a login window or AFP.
Alternatively, the user’s password can be reset to add the newly enabled method’s
hash. The user can reset the password, or a directory administrator can do it.
To enable or disable authentications for user accounts whose password type is
Open Directory, see the next topic.