Chapter 6 Managing User Authentication 75
Setting Password Policies for Individual Users
Using Workgroup Manager, you can set password policies for individual user accounts
whose password type is Open Directory. The password policy for a user overrides the
global password policy defined on the Authentication Settings pane of Open Directory
service in Server Admin. Administrator accounts are always exempt from password
policies.
Both Kerberos and Open Directory Password Server enforce password policies. Some
password policy rules apply to Open Directory Password Server and Kerberos, and
some apply only to Open Directory Password Server. Mac OS X Server synchronizes the
password policy rules that apply to both Kerberos and Open Directory Password Server.
To set a user account’s password policy, you must have administrator rights for Open
Directory authentication in the directory domain that contains the user accounts
whose password policy you want to change. This means you must authenticate as a
directory domain administrator whose password type is Open Directory. For more
information, see “Assigning Administrator Rights for Open Directory Authentication” on
page 80.
To change the password policy for a user account:
1 In Workgroup Manager, open the account you want to work with if it is not already
open.
To open an account, click the Accounts button, then click the Users button. Click the
small globe icon above the list of users and choose from the pop-up menu to open the
directory domain where the user’s account resides. Click the lock and authenticate as a
directory domain administrator whose password type is Open Directory. Then select
the user in the list.
2 Click Advanced, then click Options.
You can click Options only if the password type is Open Directory.
3 Change password policy options, then click OK.
“Disable login on date __”: If you select this option, enter a date in mm/dd/yyyy
format; for example, 02/22/2005.
“Require a change every __ days”: If you select this option, remember that some
service protocols don’t allow users to change passwords. For example, users can’t
change their passwords when authenticating for IMAP mail service.
The password ID is a unique 128-bit number assigned when the password is created in
the Open Directory Password Server database. It might be helpful in troubleshooting,
since it appears in the Password Server log when a problem occurs. View this Open
Directory log in Server Admin.
4 Click Save.
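A command-line counterpart to the procedure above, as an added example that is not from the original guide: it validates the two options described in step 3 and builds the matching policy string for the `pwpolicy` tool. The function names are hypothetical; the policy keys and the mm/dd/yy date form are assumed from the pwpolicy(8) man page, so confirm them with `man pwpolicy` on your server version.

```shell
#!/bin/sh
# Added example, not Apple's code. Key names are assumed from pwpolicy(8).

# policy_for DISABLE_DATE CHANGE_DAYS
#   DISABLE_DATE: mm/dd/yyyy as typed in Workgroup Manager, or "" to skip
#   CHANGE_DAYS:  positive whole number of days, or "" to skip
# Prints the policy string; returns 1 on invalid input.
policy_for() {
    disable_date=$1; change_days=$2; policy=""
    if [ -n "$disable_date" ]; then
        case $disable_date in
            [0-1][0-9]/[0-3][0-9]/[0-9][0-9][0-9][0-9]) ;;
            *) echo "date must be mm/dd/yyyy: $disable_date" >&2; return 1 ;;
        esac
        mm=${disable_date%%/*}; rest=${disable_date#*/}
        dd=${rest%%/*}; yyyy=${rest#*/}
        # Strip one leading zero so 08 and 09 compare as decimal numbers.
        [ "${mm#0}" -ge 1 ] && [ "${mm#0}" -le 12 ] &&
        [ "${dd#0}" -ge 1 ] && [ "${dd#0}" -le 31 ] || {
            echo "date out of range: $disable_date" >&2; return 1; }
        # Assumed: pwpolicy takes a two-digit year (mm/dd/yy).
        policy="usingHardExpirationDate=1 hardExpireDateGMT=$mm/$dd/${yyyy#??}"
    fi
    if [ -n "$change_days" ]; then
        case $change_days in
            *[!0-9]*|0*) echo "days must be a positive integer" >&2; return 1 ;;
        esac
        # The interval is expressed in minutes: 1440 per day.
        policy="${policy:+$policy }maxMinutesUntilChangePassword=$((change_days * 1440))"
    fi
    [ -n "$policy" ] || { echo "no option selected" >&2; return 1; }
    printf '%s\n' "$policy"
}

# apply_policy ADMIN USER DISABLE_DATE CHANGE_DAYS
# ADMIN must be a directory domain administrator whose password type is
# Open Directory; pwpolicy prompts for that administrator's password.
apply_policy() {
    p=$(policy_for "$3" "$4") || return 1
    pwpolicy -a "$1" -u "$2" -setpolicy "$p" &&
    pwpolicy -a "$1" -u "$2" -getpolicy   # read back what the server stored
}
```

For example, `apply_policy diradmin jsmith 02/22/2005 90` uses constructed account names and must be run against the directory domain that holds the account.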
LL2352.Book Page 75 Friday, August 22, 2003 3:12 PM