Chapter 6 Managing User Authentication Using Workgroup Manager 117
If you configure an LDAP connection that doesn’t map the password and
authentication authority attributes, bind authentication occurs automatically.
For more information, see “Configuring LDAP Searches and Mappings” on page 146.
2 If you configure the connection to permit clear text passwords, also configure it to use
SSL to protect the clear text password while it is in transit.
For more information, see “Changing the Security Policy for an LDAP Connection” on
page 145 and “Changing the Connection Settings for an LDAP Directory” on page 143.
Setting Passwords of Exported or Imported Users
When you export user accounts whose password type is Open Directory or shadow
password, passwords are not exported. This protects the security of the Open Directory
Password Server database and shadow password files.
Before importing, you can use a spreadsheet application to open the file of exported
users and set their passwords, which they can change the next time they log in. For
instructions for working with files of exported users, see User Management.
After importing user accounts, you have the following options for setting passwords:
- You can set all imported accounts to use a temporary password, which each user
  can change the next time he or she logs in. For more information, see “Resetting the
  Passwords of Multiple Users” on page 106.
- You can set the password of each imported user account in the Basic pane of
  Workgroup Manager. For more information, see “Changing a User’s Password” on
  page 105.
Migrating Passwords from Mac OS X Server v10.1 or Earlier
User accounts can be migrated from earlier versions of Mac OS X Server by importing
the account records or upgrading the server where they reside.
User accounts created with Mac OS X Server v10.1 or earlier have no authentication
authority attribute but they do have crypt passwords.
If you import user accounts from Mac OS X Server v10.1 or earlier, these user accounts
are initially configured to have crypt passwords. If you import these accounts to the
server’s local directory domain, each is converted from crypt password to shadow
password when the user or administrator changes the password or when the user
authenticates to a service that can use a recoverable authentication method.
For information about importing user accounts, see User Management.
Likewise, if you upgrade from Mac OS X Server v10.1 or earlier, user accounts created
before upgrading are assumed to have crypt passwords.