Ok to switch from Crypt to Shadow Password?

Jordan K. Hubbard jkh at apple.com
Tue Jan 1 20:32:31 PST 2008


On Jan 1, 2008, at 8:01 PM, Tabitha McNerney wrote:

> Jordan, appreciate the further clarity. Quick question then (just to  
> make sure I'm ultra clear) -- even if a MacPort installs a new entry  
> in the local directory domain with a "Crypt Password" type, what  
> you're saying is that in reality, under Leopard Server (and the past  
> few versions of Mac OS X Server) this password is a Shadow Password  
> disguised to the system as a Crypt Password? I ask because using  
> Workgroup Manager on Leopard Server, I can select the user that was  
> installed by the MacPort (for example, take the openldap MacPort  
> which installs a local directory domain entry with the username  
> "ldap", UID "500" and a User Password Type of "Crypt Password" and I  
> can select the pop-up menu with the "Crypt Password" selection and  
> change the type to either "Shadow Password" or "OpenDirectory"  
> because I am also running an OpenDirectory Master on the same  
> machine).

I'm not sure how MacPorts installs user records on Leopard (I've never  
looked).  Presumably, it just drops a plist file into /var/db/dslocal/ 
nodes/Default/users since that's all you need to do in Leopard.  The  
contents of that plist file, however, can specify a number of  
different password types - "it all depends" is about the best answer I  
can give you there.  You should look at the authentication_authority  
array in the user plists you're wondering about and verify that  
they're doing whatever it is you want them to do (this is an array  
value, so there are multiple options here).   I'd be surprised if  
MacPorts was using some obsolete password types, but you never know I  
guess.

- Jordan



More information about the macports-users mailing list