Specifications
Chapter 6 Managing User Authentication Using Workgroup Manager 11 5
To enable or disable authentication methods for Open Directory passwords:
1 Open Server Admin and connect to an Open Directory master server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Open Directory.
4 Click Settings, then click Policies.
5 Click Authentication, select the authentication methods you want enabled, and
deselect the authentication methods you want disabled.
6 Click Save.
Replicas of the Open Directory master inherit the authentication method settings for
Open Directory passwords in the LDAP directory.
From the command line:
Enable or disable authentication methods for a user with an Open Directory password
using the pwpolicy tool. For information about pwpolicy, see its man page. For the
basics of command-line tool usage, see Introduction to Command-Line Administration.
Assigning Administrator Rights for Open Directory
Authentication
Using Workgroup Manager and an administrator account with rights to work with
Open Directory password settings, you can assign these rights to other user accounts
in the same directory domain.
To assign these rights, your user account must have an Open Directory password
and privileges to administer user accounts. This requirement protects the security
of passwords stored in the Kerberos KDC and the Open Directory Password Server
database.
To assign administrator rights for Open Directory authentication to a user account:
1 In Workgroup Manager, open the account, click Advanced, and make sure Password
Type is set to Open Directory password.
For more information, see “Changing the Password Type to Open Directory” on
page 107.
2 Click Privileges and choose Full in the Administration capabilities pop-up menu.
To restrict the administration capabilities, choose Limited.
3 Click Save.
For more information about setting administrator privileges, see User Management.