
Making a password server more secure, Monitoring a password server – Apple Mac OS X Server (version 10.2.3 or later) User Manual


Chapter 3

3 Select the user in the list.

4 On the Advanced tab, choose Basic from the “User Password Type” pop-up menu. You will be prompted to enter and verify a new password.

5 Click Save.

6 Repeat steps 3 through 5 for other users in the domain as required.

7 If the Password Server you want to discontinue using is used to validate passwords of users in other domains, repeat steps 1 through 6 for each additional domain.

To change multiple user accounts simultaneously, use Command-click or Shift-click to select all the users whose password strategy needs to be changed. Then use the Advanced tab to select Basic and enter a password when prompted. All the selected users can now log in using the password you specify and can then reset their own passwords using the My Account System Preferences pane after login. Alternatively, you can change the user passwords on the Basic tab for individual users.

Making a Password Server More Secure

Using a Password Server offers flexible and secure password validation, but you need to make
sure that the server on which a Password Server runs is secure:

• Whenever possible, set up Password Server on a server that is not used for any other activity.

• Since the load on a Password Server is not particularly high, you can have several (or even all) of your server-resident directory domains share a single Password Server.

• Make sure that the Password Server’s computer is located in a physically secure area.

• Set up IP firewall service so nothing is accepted from unknown ports. Password Server uses a well-known port (TCP port 106).

• Equip the server with an uninterruptible power supply.

Monitoring a Password Server

Use the Password Server logs, visible using Server Status, to monitor failed login attempts.

Password Server logs all failed authentication attempts, including IP addresses that generate
them. Periodically review the logs to determine whether there are a large number of failed
trials for the same password ID, indicating that somebody may be generating login guesses.
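As an added illustration of the periodic log review recommended above (example code, not Apple's or this manual's), the following Python script tallies failed authentication attempts per password ID and lists the source addresses behind each flagged ID. The log line layout is an assumption constructed for the example; the real Password Server log format shown in Server Status is not reproduced here.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log text in an ASSUMED layout (not the real Password
# Server format): one failure line per rejected authentication attempt.
SAMPLE_LOG = """\
Nov 20 11:40:01 passwordserver: AUTH FAILED user-id=0x3f2a1c from=10.0.1.25
Nov 20 11:40:03 passwordserver: AUTH FAILED user-id=0x3f2a1c from=10.0.1.25
Nov 20 11:40:05 passwordserver: AUTH FAILED user-id=0x3f2a1c from=10.0.1.25
Nov 20 11:40:07 passwordserver: AUTH FAILED user-id=0x3f2a1c from=10.0.1.25
Nov 20 11:40:09 passwordserver: AUTH FAILED user-id=0x3f2a1c from=10.0.1.25
Nov 20 11:40:11 passwordserver: AUTH FAILED user-id=0x3f2a1c from=10.0.1.26
Nov 20 11:41:00 passwordserver: AUTH OK user-id=0x3f2a1c from=10.0.1.26
Nov 20 11:42:10 passwordserver: AUTH FAILED user-id=0x1b7e44 from=10.0.1.30
Nov 20 11:42:15 passwordserver: AUTH FAILED user-id=0x1b7e44 from=10.0.1.30
Nov 20 11:43:00 passwordserver: started on TCP port 106
"""

# Matches only failure lines; successes and service messages are ignored.
FAILED_RE = re.compile(r"AUTH FAILED user-id=(?P<pwid>\S+) from=(?P<ip>\S+)")


def count_failures(log_text):
    """Return (failures per password ID, source IPs seen per password ID)."""
    by_id = Counter()
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            by_id[m.group("pwid")] += 1
            sources[m.group("pwid")].add(m.group("ip"))
    return by_id, sources


def failure_report(log_text, threshold=5):
    """Flag password IDs with at least `threshold` failures, as the manual
    suggests for spotting repeated login guesses, and report their sources."""
    by_id, sources = count_failures(log_text)
    return {
        pwid: {"count": n, "sources": sorted(sources[pwid])}
        for pwid, n in by_id.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for pwid, info in failure_report(SAMPLE_LOG).items():
        print(f"{pwid}: {info['count']} failures from {', '.join(info['sources'])}")
```

The threshold is a per-site choice; a lower value surfaces slower guessing at the cost of more noise from ordinary mistyped passwords.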

LL0395.Book Page 204 Wednesday, November 20, 2002 11:44 AM