• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
[Fed-Talk] Comm Criteria setup issues (still)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fed-Talk] Comm Criteria setup issues (still)

  • Subject: [Fed-Talk] Comm Criteria setup issues (still)
  • From: "Jason Dickinson" <email@hidden>
  • Date: Thu, 12 May 2005 16:04:49 -0400
Hello (again)
    has anyone out there successfully set up their 10.3.6 box set up exactly as Apple's "Common Criteria Configuration and Administration Guide" prescribes?

I've done at least 5 separate installs of 10.3.9, 10.3.6 (exactly as the Guide), and 10.3.6 Server.  

I can't seem to get the pwpolicy -setglobalpolicy to actually apply to newly created accounts. I'm also finding that even if i explicitly set the policy for a user (via pwpolicy commands with Terminal), that there is no reinforcement of the password rules. Probably due to what I found below...

I struggled for a long time to figure out a few things.

It seems as though using 10.3.x Client - by creating a new user via the System preferences, the password type is "Shadow Password" - which has no password enforcement rules.

When I installed 10.3.6 Server, and created a new user from the Sys Prefs, the same thing - password type is "Shadow Password"
AND if I create a user on 10.3.6 Server via the "Workgroup Manager" STILL the default pass type is "Shadow Password" - if I change it to "Open Directory" using the Workgroup Manager, only then can I start enforcing rules.
- makes sense - only Open Dir can enforce password rules.

I'm familiar with Apple's attempted migration from "Shadow Pass" to "Open Directory" although I don't recall the system rev number where that kicks in 100%.

So I need to know (minimally) how do I get the Open Directory to be the default password type for all new users regardless of whether they're added from the Sys Prefs or the Workgroup Manager??

I've followed the Apple Guide verbatim (x5), but when my DSS inspector puts it through it's paces it'll certainly fail on passwording alone.

The impression that I had from the Guide lead me to believe that it could all be done. I'm hoping I can pull it off. 

One oddity in the setup - and I don't think this is the problem: On page 33 of the guide - we're told to makes changes to the "sshd_config" file, and there's a table of variables to se to yes/no. Well, there are only 3 of the 12 even found in the "sshd_config" file. I did find 3 more in the "ssh_config" (no daemon). But 6 of 12 are unaccounted for. I could add the entries (all "no" anyways) but I wouldn't know where. The guide also states (page 33) "In the sshd_config file, all options are listed, but are commented out...."


Anyone have any ideas?

Thanks,
Jason


email@hidden


_____________________________________

Jason C. Dickinson

Terahertz Scientist

Submillimeter-Wave Technology Laboratory

University of Massachusetts Lowell

______________________________________



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: RE: [Fed-Talk] Adding Bluetooth & Airport to MacMini
  • Next by Date: [Fed-Talk] Cisco Tiger VPN Client avail
  • Previous by thread: [Fed-Talk] NIH, NASA, DOD anyone who purchases iMac
  • Next by thread: [Fed-Talk] Cisco Tiger VPN Client avail
  • Index(es):
    • Date
    • Thread