76 Chapter 6 Managing User Authentication
Changing a User's Password Type
You can set the password type on the Advanced pane of Workgroup Manager to one of
the following:
Open Directory
Shadow password
Crypt password
Setting a user's password type to Open Directory enables multiple legacy
authentication methods and also enables single signon and Kerberos if the user's
account is in an LDAP directory. You can also enable a user account to use simple LDAP
bind authentication. For explanations of the authentication options, see Chapter 3,
“User Authentication With Open Directory.”
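To audit which accounts still use a shadow or crypt password, the sketch below classifies accounts by the three password types listed above. It is an added example, not code from this guide or from Apple. It assumes each account's AuthenticationAuthority values (format `version;tag;data`) have already been exported from the directory; the sample records and the helper names are constructed for illustration.

```python
# Added example: classify accounts by password type from their
# AuthenticationAuthority values ("version;tag;data", version usually empty).
# Assumption: values were exported from the directory beforehand.

TAG_TO_TYPE = {
    "ApplePasswordServer": "Open Directory",
    "Kerberosv5": "Open Directory",
    "ShadowHash": "Shadow password",
    "basic": "Crypt password",
}

def authority_tag(value):
    """Return the tag field of one value, or None if it is malformed."""
    parts = value.strip().split(";")
    if len(parts) < 3 or not parts[1]:
        return None
    return parts[1]

def password_type(values):
    """Map one account's list of values to a password type label."""
    if not values:
        # An account with no authentication authority is handled as crypt.
        return "Crypt password"
    types = {TAG_TO_TYPE.get(authority_tag(v), "Unknown") for v in values}
    if "Unknown" in types:
        return "Unknown"          # unrecognized or garbled value: review by hand
    if len(types) > 1:
        return "Mixed"            # conflicting types on one account
    return types.pop()

def not_open_directory(records):
    """Return the sorted account names whose type is not Open Directory."""
    return sorted(
        name for name, values in records.items()
        if password_type(values) != "Open Directory"
    )

# Constructed sample records (not real directory data).
SAMPLE = {
    "alice": [";ApplePasswordServer;constructed-data",
              ";Kerberosv5;constructed-data"],
    "bob": [";ShadowHash;"],
    "carol": [";basic;"],
    "dave": [],                   # no attribute at all
    "erin": ["garbled-value"],
}

if __name__ == "__main__":
    for name in sorted(SAMPLE):
        print(f"{name:8} {password_type(SAMPLE[name])}")
    print("Not Open Directory:", ", ".join(not_open_directory(SAMPLE)))
```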
Changing the Password Type to Open Directory
Using Workgroup Manager, you can specify that Open Directory be used for
authenticating one or more user accounts stored in the local directory domain or the
LDAP directory domain of Mac OS X Server. In addition, you can specify that Open
Directory be used for authenticating user accounts in any LDAP or NetInfo directory
domain residing on a server with Mac OS X Server version 10.2.
The Open Directory password type supports single signon using Kerberos
authentication. It also supports the Simple Authentication and Security Layer (SASL)
authentication protocols, which include APOP, CRAM-MD5, DHX, Digest-MD5,
MS-CHAPv2, SMB-NT, SMB-LAN Manager, and WebDAV-Digest.
To set a user account’s password type to Open Directory, you must have administrator
rights for Open Directory authentication in the directory domain that contains the user
account. This means you must authenticate as a directory domain administrator whose
password type is Open Directory. For more information, see “Assigning Administrator
Rights for Open Directory Authentication” on page 80.
LL2352.Book Page 76 Friday, August 22, 2003 3:12 PM