|
|
10.6: Unlock screens using any admin password
if only there was a way to let admin users masquerade as others through the OD login... There's actually a pretty slick way of doing this: In OD, the password is stored via one level of indirection; a "pointer" to a password entry. So:
10.6: Unlock screens using any admin password
Wait, how do you actually do the saving of the original password, though? As far as I can tell, there's no way to extract the actual password data from an account, especially when using Kerberos... am I missing something?
10.6: Unlock screens using any admin password
Right; you can't read a password, but you CAN read/write the "pointer" to it, and that's all you need.
10.6: Unlock screens using any admin password
Care to explain how to do this?
10.6: Unlock screens using any admin password
It can be done via "Workgroup Manager" (GUI; does not require Mac OS X Server) or via command-line - look for the "AuthenticationAuthority" attributes.
10.6: Unlock screens using any admin password
Does the difference cause it to not work? Is it that significant? I wonder because I totally dread these kinds of issues :(
10.6: Unlock screens using any admin password
Right, with Kerberos, the password information is not even on your machine. Your password is checked against a key server which assigns a Kerberos ticket to your session on the machine and it is only good for that session. You would have to either catch the action of authentication against the key server or crack the key server, itself. Without Kerberos, a password can be cracked with a chosen text attack, which is more or less difficult depending on the strength of the one way hashing algorithm used to encrypt the password and on how strong the user's password is. See my reply to one of the other messages below for more about this.
10.6: Unlock screens using any admin password
Right, which makes me wonder what mvgfr (above) is talking about.
10.6: Unlock screens using any admin password
You simply replace the *reference* to the password (the text string in the AuthenticationAuthority attribute, if I recall), which tells OD where to find the password.
10.6: Unlock screens using any admin password
I just upgraded to "Mavericks" and have 3 major issues with it: |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.13 seconds |
|