<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I see your confusion. The documentation only mentions Crypt passwords as and old-style way of leaving passwords around if you need interoperability with 10.0 or 10.1 machines. By default, you're already using a shadow password and have been for quite a few releases now.<div><br class="webkit-block-placeholder"></div><div>- Jordan</div><div><div><div><br class="webkit-block-placeholder"></div><div>On Jan 1, 2008, at 3:09 PM, Tabitha McNerney wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><br><div><span class="gmail_quote">On 1/1/08, <b class="gmail_sendername">Jordan K. Hubbard</b> <<a href="mailto:jkh@apple.com">jkh@apple.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Let's ask a different question: What are you trying to achieve?<br><br>- Jordan</blockquote><div><br>Hi Jordan,<br><br>You raise a good question, about what I am trying to achieve. My concern is that, after reading Apple's Mac OS X Server Leopard documentation, it strikes me that crypt passwords are less secure compared to other options such as Shadow Passwords, as I quote the Leopard Server OpenDirectory documentation (PDF): <br><br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">User accounts not used on computers that require a crypt password should have an <br> Open Directory password or a shadow password. A crypt password is required only for <br>logging in to a computer with Mac OS X v10.1 or earlier and on computers with some <br>types of UNIX. <br><br>A crypt password is stored as an encrypted value, or hash, in the user account record in <br>the directory domain. Because the crypt password can be recovered from the directory <br>domain, it is subject to offline attack and is less secure than other password types.<br></blockquote><br>Maybe I am misinterpreting, but it strikes me that Apple is recommending that, if possible, a crypt password should be last on the list of password type choices. <br><br>Thanks,<br><br>T.M.<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On Jan 1, 2008, at 2:04 AM, Tabitha McNerney wrote: <br><br>> Hello all --<br>><br>> I am happily running Leopard Server and installing MacPorts 1.6.0.<br>> Some of the ports install users in the local directory domain (with<br>> Leopard Apple has officially done away with NetInfo by the way). <br>> There is an option using Workgroup Manager -- a GUI tool only<br>> bundled by Apple with Mac OS X Server, to change the password type<br>> of local directory domain users (for example, the user "ldap" <br>> installed by MacPorts as part of the openldap port) from crypt to<br>> Shadow Password. Has anyone ever tried this and if so are there any<br>> reasons not to switch from crypt to Shadow Password?<br>><br> > Thank,<br>><br>> -T.M.<br>> _______________________________________________<br>> macports-users mailing list<br>> <a href="mailto:macports-users@lists.macosforge.org">macports-users@lists.macosforge.org </a><br>> <a href="http://lists.macosforge.org/mailman/listinfo/macports-users">http://lists.macosforge.org/mailman/listinfo/macports-users</a><br><br></blockquote></div><br></blockquote></div><br></div></body></html>