Question about Changing User Passwords with Root on Tiger Server

Discussion in 'Apple' started by sammysheep, Nov 14, 2005.

  1. sammysheep

    sammysheep Guest

    Suppose you are running Mac OS X Server 10.4 and would like to change a
    user's password for whatever reason by logging in as the root user.

    You might use "passwd userName" and see the following dialogue under
    the normal Tiger OS:

    root# passwd userName
    Changing password for userName.
    New password:
    Retype new password:
    root#


    However, in the Tiger Server case I get an additional prompt asking for
    the root password, which, though the *correct* root log-in password is
    supplied, always fails. Consider the following dialogue:

    root# passwd userName
    Changing password for userName.
    New password:
    Retype new password:
    password for root:
    Sorry
    root#

    MY QUESTION: Under Mac OS X Server is there a policy file that may
    restrict root from overriding user passwords? Or perhaps, does the
    authentication process in OS X Server create root passwords in two
    different places?

    Thanks for any advice in this matter.
     
    sammysheep, Nov 14, 2005
    #1

  2. sammysheep

    Simon Slavin Guest

    Under OS X Client, the root account is disabled by default.
    Under OS X Server, the root account is enabled by default. But you don't
    know what the password is.

    Use 'sudo' to run passwd. Don't use root.

    Simon.
     
    Simon Slavin, Nov 16, 2005
    #2

  3. sammysheep

    sammysheep Guest

    In my case, root exists on both machines. Here is the kicker for the
    problem though:

    Whether using root or merely using sudo, the only passwords I can
    change are ones whose authentication authority is "ShadowHash", meaning
    the local shadow database in "/var/db/shadow/" is used for
    authentication.

    The ones I can't change have "ApplePasswordServer" as their
    authentication authority. As far as I can figure, the root user on the
    system (who also uses ShadowHash) is different from the root/admin user
    for LDAP (the service whom Open Directory presumably talks to when it
    sees "ApplePasswordServer" as my authentication authority).

    Moreover, when I do a "mkpassdb -dump" there is no user labeled root or
    admin in one of the slots, so perhaps the LDAP superuser must be given
    explicit control in a configuration file somewhere. I'd like for the
    system root user to be able to act as the root of LDAP without being
    bothered by extra passwords, but I just don't know how to accomplish
    it.

    Any help or advice in this matter is GREATLY appreciated. Thanks.
     
    sammysheep, Nov 17, 2005
    #3
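
Added example, not part of the original thread: it sorts accounts by the AuthenticationAuthority tag discussed in the post above, separating local ShadowHash accounts from those verified by the password server. The function names, the sample accounts and the dscl invocation shown in the comment are assumptions.

```shell
#!/bin/sh
# Constructed sample in the shape "name  AuthenticationAuthority-value".
# Names, slot IDs, keys and the address are placeholders, not real data.
sample_accounts() {
cat <<'EOF'
root    ;ShadowHash;
alice   ;ApplePasswordServer;0xSLOT-PLACEHOLDER,KEY-PLACEHOLDER:192.0.2.10
bob     ;ApplePasswordServer;0xSLOT-PLACEHOLDER,KEY-PLACEHOLDER:192.0.2.10 ;Kerberosv5;PLACEHOLDER
legacy
EOF
}

# Map one AuthenticationAuthority value to the store that checks the password.
# ApplePasswordServer is tested first because such accounts may also carry
# additional authorities (for example Kerberos) in the same value.
auth_store() {
    case "$1" in
        *";ApplePasswordServer;"*) echo "password-server" ;;
        *";ShadowHash;"*)          echo "local-shadow" ;;
        "")                        echo "none" ;;
        *)                         echo "other" ;;
    esac
}

# Read "name value" lines on stdin and print "name<TAB>store".
audit_accounts() {
    while read -r name authority; do
        [ -n "$name" ] || continue
        printf '%s\t%s\n' "$name" "$(auth_store "$authority")"
    done
}

# Names of accounts whose password lives in the password server, i.e. the
# ones the post above could not change as the local root user.
directory_backed() {
    audit_accounts | awk -F '\t' '$2 == "password-server" { print $1 }'
}

# On a live system the input would come from the directory instead, e.g.
# (assumed invocation): dscl /Search -list /Users AuthenticationAuthority
sample_accounts | audit_accounts
```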
  4. sammysheep

    tycho Guest

    > In my case, root exists on both machines.

    root is present in Mac OS X, but not activated for login.
    Normally there is a root user created in the LDAP domain when you
    promote the server to OD master. Strange you couldn't find that user
    in the password database with "mkpassdb -dump", normally he occupies
    slot #2.
    Password for this root user is the same as the directory admin you
    gave when promoting to OD master.
    Was this a clean 10.4 install or upgrade from an earlier version?

     
    tycho, Dec 1, 2005
    #4