Specifications
78 Chapter 6 Managing User Authentication
Changing the Password Type to Crypt Password
Using Workgroup Manager, you can specify that a crypt password be used for
authenticating one or more user accounts stored in an LDAP or NetInfo directory
domain. The LDAP directory domain can be on any server, but cannot be a read-only
directory. The NetInfo domain can be on any Mac OS X Server.
The crypt password is stored as an encrypted value, or hash, in the user account.
Because the crypt password can be recovered easily from the directory domain, it is
subject to offline attack and therefore is less secure than other password types.
To specify that a user account authenticate using a crypt password:
1 In Workgroup Manager, open the account you want to work with if it is not already
open.
To open an account, click the Accounts button, then click the Users button. Click the
small globe icon above the list of users and choose from the pop-up menu to open the
directory domain where the user’s account resides. Click the lock and authenticate as a
directory domain administrator. Then select the user in the list.
2 Click Advanced, then choose “Crypt password” from the User Password Type pop-up
menu.
3 If you changed the user’s password type, you will be prompted to enter and verify a
new password.
If you are working with a new user, enter the password on the Basic pane in the
Password field, then reenter it in the Verify field.
A crypt password can be at most eight bytes (eight ASCII characters) long. If you enter
a longer password, only the first eight bytes are used.
4 Click Save.
LL2352.Book Page 78 Friday, August 22, 2003 3:12 PM