weakpass_edit(8) BSD System Manager's Manual weakpass_edit(8)NAME
weakpass_edit -- Mac OS X Server Password Server weak password dictionary insertion tool
SYNOPSIS
add [[-p passphrase] | [-f file]]
delete [[-p passphrase] | [-f file]]
DESCRIPTION
weakpass_edit Adds weak or undesirable passwords to a dictionary of passwords to be rejected by the password server.
weakpass_edit must be run as root; it will exit otherwise.
This tool's purpose is to manage the weak password dictionary.
OPTIONS
The following options are available:
-p add or delete a passphrase, provided as a command-line argument, to the weak password database.
-f add or delete all passphrases contained in a file.
USAGE FILES &; FOLDERS
/var/db/authserver - the password server database repository. The weak password files are here.
/var/db/authserver/weakpasswords.[n] - an alphabetized list of weak passwords to reject.
SEE ALSO PasswordService(8)mkpassdb(8)Mac OS X Server 21 February 2002 Mac OS X Server
Check Out this Related Man Page
PasswordService(8) BSD System Manager's Manual PasswordService(8)NAME
PasswordService -- Mac OS X Server Password Server daemon
SYNOPSIS
PasswordService [-help | -ver]
PasswordService [-n]
DESCRIPTION
In the first synopsis form, PasswordService prints a usage summary or version information and quits. In the second form, PasswordService
acts as a password server.
PasswordService must be run as root; it will exit otherwise. If there is another instance of PasswordService running, it will exit.
The PasswordService daemon acts as the gatekeeper for user passwords and provides an authentication resource for all services running on the
system. The standard way to communicate with PasswordService is to use the DirectoryService API. Services authenticate via the dsDoDirN-
odeAuth() function call. If the user being authenticated has an AuthenticationAuthority attribute that begins with ";ApplePasswordServer;"
the request is routed to PasswordService for authentication. Normally, the users in an Open Directory LDAP server are managed through Pass-
wordService. The DirectoryService buffer formats for each authentication mechanism are documented in the DirServicesConst.h header file.
Some of the common methods supported are: APOP, CRAM-MD5, DIGEST-MD5, MS-CHAPv2, NTLMv2 and NTLMv1.
Some authentication methods require recoverable passwords. If APOP, TWOWAYRANDOM, or WEBDAV-DIGEST are enabled, the password database must
contain recoverable passwords.
The PasswordService daemon enforces password policies, such as the minimum number of characters allowed or when a password change is
required. See pwpolicy(8) for more information about password policies.
PasswordService writes three log files; the server log contains all significant activity; the replication log contains information about syn-
chronization with other password servers; the error log contains major error conditions.
OPTIONS
The following options are available:
-n Do not daemonize.
USAGE
In typical usage, PasswordService is launched during the boot process by launchd. To start and stop PasswordService manually, use
launchctl(8) commands. This command updates the configuration files and effect the startup state.
FILES &; FOLDERS
/usr/sbin/PasswordService - the password service daemon
/Library/Logs/PasswordService/ApplePasswordServer.Error.log - the error log
/Library/Logs/PasswordService/ApplePasswordServer.Replication.log - the replication log
/Library/Logs/PasswordService/ApplePasswordServer.Server.log - the activity log
/var/db/authserver/authservermain - password database (guard this)
/var/db/authserver/authserverfree - list of free (reusable) slots in the database
SEE ALSO mkpassdb(8)launchctl(8)pwpolicy(8)Mac OS X Server 21 February 2002 Mac OS X Server