beautypg.com

The authentication authority attribute, Choosing a password – Apple Mac OS X Server (version 10.2.3 or later) User Manual

Page 196


Chapter 3

See “Using a Password Server” on page 200 for details about this strategy.

• Using a Kerberos server. This option is not supported by all services but offers the
opportunity to integrate into existing Kerberos environments. As in the case of the
Password Server, if the Kerberos server is unavailable, users whose passwords are verified
using it are unable to use your server.

See “Using Kerberos” on page 205 for details about this strategy.

• Using an LDAP server. This option, like Kerberos, offers a way to integrate your Mac OS X
Server into an existing authentication scheme.

See “Using LDAP Bind Authentication” on page 208 for details about this strategy.

The Authentication Authority Attribute

To authenticate a user, Mac OS X directory services first locates the user’s record using the
user name provided by the user. Then it determines which password validation scheme to
use by consulting the “authentication authority” attribute in the user’s account.

The authentication authority attribute identifies the password validation scheme and
provides additional information as required. For example, if a Password Server is being used,
the location of the Password Server is part of the authentication authority value.

If a user’s account contains no authentication authority attribute, the basic strategy is used.
For example, user accounts created using Mac OS X version 10.1 and earlier contain no
authentication authority attribute.

Choosing a Password

The password associated with a user’s account must be entered by the user before he or she
can be authenticated. The password is case sensitive (except for SMB LAN Manager
passwords) and does not appear on the screen as it is entered.

Regardless of the password validation option you use for any user, here are some guidelines
for composing a password for Mac OS X Server users:

• A password should contain letters, numbers, and symbols in combinations that won’t be
easily guessed by unauthorized users. Passwords should not consist of actual words. Good
passwords might include digits and symbols (such as # or $). Or they might consist of
the first letter of all the words in a particular phrase. Use both uppercase and lowercase
letters.

• Avoid spaces and Option-key combinations.

• Avoid characters that can’t be entered on computers the user will be using or which might
require knowing a special key-stroke combination to enter correctly on different
keyboards and platforms.

• Some network protocols, such as IMAP, do not support passwords that contain leading
spaces, embedded spaces, or trailing spaces.
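The guidelines above can be applied as an automated check when accounts are created or passwords are reset. The following Python sketch is an added example, not part of the Apple manual; the function names, the result codes and the small word list are constructed for illustration, and it assumes that Option-key combinations show up as characters outside printable ASCII.

```python
import string

# Constructed sample word list; a real check would load a full dictionary.
COMMON_WORDS = {"password", "server", "apple", "welcome", "admin"}

# Characters that can be typed directly on common keyboards (assumption:
# anything else needs an Option-key or other special key-stroke combination).
TYPABLE = set(string.ascii_letters + string.digits + string.punctuation)


def initials(phrase):
    """Build a candidate from the first character of each word in a phrase."""
    return "".join(word[0] for word in phrase.split())


def check_password(candidate, words=COMMON_WORDS):
    """Return the list of guidelines the candidate violates ([] means none)."""
    problems = []
    # Leading, embedded and trailing spaces all break protocols such as IMAP.
    if any(ch.isspace() for ch in candidate):
        problems.append("whitespace")
    # Non-ASCII or control characters may be impossible to enter elsewhere.
    if any(ch not in TYPABLE and not ch.isspace() for ch in candidate):
        problems.append("hard-to-type")
    has_lower = any(ch in string.ascii_lowercase for ch in candidate)
    has_upper = any(ch in string.ascii_uppercase for ch in candidate)
    if not (has_lower and has_upper):
        problems.append("mixed-case")
    if not any(ch in string.digits for ch in candidate):
        problems.append("digit")
    if not any(ch in string.punctuation for ch in candidate):
        problems.append("symbol")
    # A word with digits or symbols attached is still an actual word.
    letters_only = "".join(ch for ch in candidate if ch.isalpha()).lower()
    if letters_only in words:
        problems.append("dictionary-word")
    return problems


if __name__ == "__main__":
    for sample in ["Tb0r,tq!", "Password1!", " Ab1# ", "Ab1#\u03c0", "apple"]:
        print(repr(sample), check_password(sample))
    phrase_based = initials("The quick brown Fox jumps over 2 lazy dogs!")
    print(repr(phrase_based), check_password(phrase_based))
```

A candidate built only from the first letters of a phrase can still fail the symbol or digit guideline, so the result of `initials` should be passed through `check_password` as well.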

LL0395.Book Page 196 Wednesday, November 20, 2002 11:44 AM