Re: Use of the NetInfo passwd attribute for users

• Subject: Re: Use of the NetInfo passwd attribute for users
• From: "Finlay Dobbie" <email@hidden>
• Date: Wed, 19 Jul 2006 12:44:09 +0100
• Delivered-to: email@hidden
• Delivered-to: email@hidden
• Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=d7Jc9ursas823aQ5O0jiZiN0tizKKWsin71fQqoxKgP4clYcAcXy5xw+zjJGy54bn8641ELEtBT5FmMOdjjZaNiig0W//I6McEEpOs25WRPW23IBPggpzm1kxssoKAA9Kgsiyug03ZadYDjGv7QSdZG/yfqjBUm7AMXDBCqrn9A=

On Jul 17, 2006, at 11:12 AM, Paul Nelson wrote:
> Is this field used at all in 10.4.x?
>
> Will the OS ever use it during authentication for password
> verification?

Only if the authentication_authority for that user is either not
present or is set to ";basic;". However, you can read this attribute
using POSIX level calls like getpwnam(), so it is possible that legacy
software might assume a crypt password even when the auth authority
indicates it should not. This is the reason for the conventional
"********" marker value which is not a valid crypt password.

And also it's different from "*" which is traditionally used to
indicate accounts which cannot be logged in to.

-- Finlay
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-dev/email@hidden

• Prev by Date: Re: Use of the NetInfo passwd attribute for users
• Next by Date: Tun-Tap
• Previous by thread: Re: Use of the NetInfo passwd attribute for users
• Next by thread: Looking for a Mac Developer
• Index(es):
  • Date
  • Thread