I see your confusion. The documentation only mentions Crypt passwords
as and old-style way of leaving passwords around if you need
interoperability with 10.0 or 10.1 machines. By default, you're
already using a shadow password and have been for quite a few releases
now.
- Jordan
On Jan 1, 2008, at 3:09 PM, Tabitha McNerney wrote:
On 1/1/08, Jordan K. Hubbard <[EMAIL PROTECTED]> wrote:
Let's ask a different question: What are you trying to achieve?
- Jordan
Hi Jordan,
You raise a good question, about what I am trying to achieve. My
concern is that, after reading Apple's Mac OS X Server Leopard
documentation, it strikes me that crypt passwords are less secure
compared to other options such as Shadow Passwords, as I quote the
Leopard Server OpenDirectory documentation (PDF):
User accounts not used on computers that require a crypt password
should have an
Open Directory password or a shadow password. A crypt password is
required only for
logging in to a computer with Mac OS X v10.1 or earlier and on
computers with some
types of UNIX.
A crypt password is stored as an encrypted value, or hash, in the
user account record in
the directory domain. Because the crypt password can be recovered
from the directory
domain, it is subject to offline attack and is less secure than
other password types.
Maybe I am misinterpreting, but it strikes me that Apple is
recommending that, if possible, a crypt password should be last on
the list of password type choices.
Thanks,
T.M.
On Jan 1, 2008, at 2:04 AM, Tabitha McNerney wrote:
> Hello all --
>
> I am happily running Leopard Server and installing MacPorts 1.6.0.
> Some of the ports install users in the local directory domain (with
> Leopard Apple has officially done away with NetInfo by the way).
> There is an option using Workgroup Manager -- a GUI tool only
> bundled by Apple with Mac OS X Server, to change the password type
> of local directory domain users (for example, the user "ldap"
> installed by MacPorts as part of the openldap port) from crypt to
> Shadow Password. Has anyone ever tried this and if so are there any
> reasons not to switch from crypt to Shadow Password?
>
> Thank,
>
> -T.M.
> _______________________________________________
> macports-users mailing list
> [email protected]
> http://lists.macosforge.org/mailman/listinfo/macports-users
_______________________________________________
macports-users mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo/macports-users
