Nov 16, '03 01:31:00AM • Contributed by: Air Mapster
One of the many improvements in Panther is support for longer passwords using a different hash algorithm (I'm not sure if it's md5 or something else). It also adds shadow password functionality, which means the encrypted password hash is not stored directly in NetInfo. Accounts with new passwords must authenticate using a special API in the DirectoryService Framework, which never reveals the encrypted password hash.
All new accounts created in Panther use the new password scheme by default, so there's nothing you need to do to enable it for them. But if you did an upgrade or archive install from a previous version of Mac OS X, your old accoutn passwords were carried over and used unchanged in Panther. To change your account to use the new password encryption is simple:
- Go into the Accounts Preference Pane
- Type your password into the Password and Verify fields. It will ask you to authenticate first, so also type your password into the sheet that pulls down.
That's it. You don't even have to change your password -- you can use the same one. But hey, maybe now is a good excuse to change it anyway? To verify that the change worked, follow these steps:
- Open /Applications -> Utilities -> NetInfo Manager
- Click on users and then click on your username.
- Check the passwd field. For old style passwords, you will see a string of characters. For new style passwords, you will see only ********.
- Also check the authentication_authority field. Old passwords will have ;basic; and new passwords will have ;ShadowHash;.
Finally, note that some unix programs that need to authenticate users may not be updated to handle the new passwords yet. This hint shows one example.