Manualshelf

Specifications

ManualsBrandsApple ManualsComputer equipmentMac OS X Server Version 10.3 or Later
71727374757677787980
74 Chapter 6 Managing User Authentication
Changing the Global Password Policy
Using Server Admin, you can set a global password policy for user accounts in a
Mac OS X Server directory domain. The global password policy affects user accounts in
the server’s local directory domain. If the server is an Open Directory master or replica,
the global password policy also affects the server’s LDAP directory domain. If you
change the global password policy on an Open Directory replica, the policy settings
will eventually be synchronized with the master and any other replicas of it.
Both Kerberos and Open Directory Password Server enforce password policies. Some
password policy rules apply to Open Directory Password Server and Kerberos, and
some apply only to Open Directory Password Server. Mac OS X Server synchronizes the
password policy rules that apply to both Kerberos and Open Directory Password Server.
Administrator accounts are always exempt from password policies. Each user can have
an individual password policy that overrides some of the global password policy
settings. For more information, see “Setting Password Policies for Individual Users on
page 75.
To change the global password policy of all user accounts in the same domain:
1 Open Server Admin and select Open Directory for a server in the Computers & Services
list.
2 Click Settings (near the bottom of the window), then click Authentication (near the
top).
3 Set the password policy options you want enforced for users who do not have their
own individual password policies.
“Disable login on __”: If you select this option, enter a date in mm/dd/yyyy format; for
example, 02/22/2005.
“Password must be changed every __”: If you select this option, remember that some
service protocols don’t allow users to change passwords. For example, users can’t
change their passwords when authenticating for IMAP mail service, and users can’t
change passwords when authenticating for Windows file service.
4 Click Save.
Replicas of the Open Directory master automatically inherit its global password policy.
LL2352.Book Page 74 Friday, August 22, 2003 3:12 PM