Apple Mac OS X Server (version 10.2.3 or later) User Manual

Users and Groups

139

Consider an example that consists of three shared directory domains. Tony Smith has an
account in the Students domain, and Tom Smith has an account in the root domain. Both
accounts contain the short name “tsmith” and the password “smitty.”

When Tony logs in to his computer with a user name “tsmith” and the password “smitty,” he
is authenticated using the record in the Students domain. Similarly, Tom can use the same
login entries at his computer and be authenticated using his record in the root domain. If
Tony and Tom ever logged in to each other’s computers using tsmith and smitty, they would
both be authenticated, but not with the desired results. Tony could access Tom’s files, and
vice versa.

Now let’s say that Tony and Tom have the same short name, but different passwords.

If Tom attempts to log in to Tony’s computer using the short name “tsmith” and his password
(smitty), his user record is masked by Tony’s user record in the Students domain. Mac OS X
finds “tsmith” in Students, but its password does not match the one Tom used to log in. Tom
is denied access to Tony’s computer, and his record in the root domain is never found.

/

Students

Faculty

Tony’s computer

Tony Smith (tsmith,smitty)

Tom Smith (tsmith,smitty)

Tom’s computer

/

Students

Faculty

Tony Smith (tsmith, tony)

Tom Smith (tsmith, smitty)

Tony’s computer

Tom’s computer

LL0395.Book Page 139 Wednesday, November 20, 2002 11:44 AM