[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use of the NetInfo passwd attribute for users

Subject: Re: Use of the NetInfo passwd attribute for users
From: Jason Townsend <email@hidden>
Date: Tue, 18 Jul 2006 17:33:06 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden

On Jul 17, 2006, at 11:12 AM, Paul Nelson wrote:

Is this field used at all in 10.4.x?
Will the OS ever use it during authentication for password verification?

Only if the authentication_authority for that user is either not present or is set to ";basic;". However, you can read this attribute using POSIX level calls like getpwnam(), so it is possible that legacy software might assume a crypt password even when the auth authority indicates it should not. This is the reason for the conventional "********" marker value which is not a valid crypt password.

If you don't want your users to be able to change the passwd attribute, you can simply remove the _writers_passwd attribute which is allowing them to do so.

Hope that helps,
-Jason
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-dev/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: Use of the NetInfo passwd attribute for users
  - From: "Finlay Dobbie" <email@hidden>

References:
	>Use of the NetInfo passwd attribute for users (From: Paul Nelson <email@hidden>)

Prev by Date: Re: dlsym(...) and Intel Macs
Next by Date: Re: Use of the NetInfo passwd attribute for users
Previous by thread: Re: Use of the NetInfo passwd attribute for users
Next by thread: Re: Use of the NetInfo passwd attribute for users
Index(es):
- Date
- Thread

Home