beautypg.com

Migrating passwords, Setting up password validation options, Storing passwords in user accounts – Apple Mac OS X Server (version 10.2.3 or later) User Manual

Page 198: Storing passwords in user accounts 198

background image

198

Chapter 3

Authentication Manager may be of interest if you are using it on a version 10.1 server that you
want to upgrade to version 10.2 or if you need to support AFP clients prior to version 3.8.3.
See “Using Authentication Manager” on page 197 for more information.

Local Windows hash provides SMB authentication support for a local NetInfo domain. It is
intended for Windows personal file sharing, but can also be used on your server. To enable it,
use the Accounts system preference.

Migrating Passwords

When you import user accounts from computers running Mac OS X Server version 10.1 or
earlier, no authentication authority attribute exists. Therefore all these users have basic
password validation enabled initially.

While all the existing passwords can continue to be used after importing the users, if you
want to use the Password Server for imported users, you’ll need to reset their passwords
after importing them. “Exporting and Importing Users With Password Server Passwords” on
page 203 describes how to work with import files and Password Server.

When migrating Authentication Manager users, you have several options:

m If you upgrade server version 10.1 to version 10.2, existing users can continue to use their

same passwords.

m You can also switch to Password Server, or use Password Server for only some users. Users

of both types can coexist in the same NetInfo domain.

Setting Up Password Validation Options

The sections that follow describe how to set up the different kinds of password validation for
individual users:

m To store a password in a user’s account, see “Storing Passwords in User Accounts” on

page 198.

m To use a Password Server to validate a user’s password, see “Enabling the Use of a

Password Server for a User” on page 202.

m To use a Kerberos server, see “Integrating Mac OS X With a Kerberos Server” on page 206.

m To use LDAP bind authentication, see “Using LDAP Bind Authentication” on page 208.

Storing Passwords in User Accounts

This password management strategy is the default strategy, but cannot be used to validate
the passwords of clients that require network-secure authentication protocols. (The single
exception is users created using Mac OS X Server version 10.1 or later in NetInfo domains
with Authentication Manager enabled.) Use the Password Server if you need to support these
kinds of client computers.

LL0395.Book Page 198 Wednesday, November 20, 2002 11:44 AM

See also other documents in the category Apple Software: