beautypg.com

Setting up a password server – Apple Mac OS X Server (version 10.2.3 or later) User Manual

Page 201

background image

Users and Groups

201

m The password, stored in recoverable or hashed form. The form depends on the network

authentication protocols enabled for the Password Server (using Open Directory
Assistant). If APOP is enabled, the Password Server stores a recoverable (encrypted)
password. Otherwise, only hashes of the passwords are stored.

m Data about the user that is useful for Server Status logging, such as the short name.

m Password policy data.

Setting Up a Password Server

The account for a user validated using the Password Server is stored in a NetInfo or LDAPv3
directory domain that resides on Mac OS X Server. Before you set up a user’s account to use
a Password Server, you need to set up the Password Server.

See Chapter 2, “Directory Services,” for instructions on how to set up a Password Server. It
describes how to use Open Directory Assistant to configure a server to

m host a shared directory domain that uses a Password Server (see page 75 and page 77)

m have its local directory domain use a Password Server (see page 80 and page 81)

Assigning Administrator Rights for a Password Server

In order to work with Password Server user account settings in Workgroup Manager, you
must be a Password Server administrator. This administrator is a domain administrator for
the directory domain with which the Password Server is associated, and the administrator’s
password is validated using that Password Server.

There are two ways a user can become a Password Server administrator:

m The user specified when a particular Password Server is set up (using Open Directory

Assistant) is a Password Server administrator for that Password Server.

m You can use Workgroup Manager to make other users Password Server administrators

after setting up a Password Server.

To make a user a Password Server administrator using Workgroup Manager:

1

Make sure the user has an account in a directory domain associated with the Password
Server, and make sure that you are a Password Server administrator for that Password Server.

2

In Workgroup Manager, open the account you want to work with if it is not already open.

To open an account, click the Accounts button, then use the At pop-up menu to open the
directory domain where the user’s account resides. Click the lock to be authenticated, then
select the user in the list.

3

In the Basic tab, if you are working in the local domain, select the ““User can administer the
server” option. If you are working in a shared domain, select the “User can administer this
directory domain” option.

LL0395.Book Page 201 Wednesday, November 20, 2002 11:44 AM

See also other documents in the category Apple Software: