Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Use a master password on 'managed' machines' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Use a master password on 'managed' machines
Authored by: Detrius on Sep 01, '04 06:14:02PM

I really hate to be rude, but why (in a large environment where different users have different passwords) would you NOT be running OS X Server and Open Directory to manage user accounts?

Besides, if each machine individually has the master password set, changing the password would be far more of a pain than resetting one user password.



[ Reply to This | # ]
Use a master password on 'managed' machines
Authored by: LoonyPandora on Sep 01, '04 08:14:13PM

Don't worry, it wasn't rude.

In an ideal world, of course you would be using OSX Server, and Open Directory, managed user accounts, networked home directories, maybe even NetBoot - but this is not an ideal world ;-) - Many companies refuse to invest that heavily in IT, or have PC IT departments that "Will not have a Mac Server..."

In situations like this, it is great to have one master password set on ALL machines, so the main IT person can reset any password without having to know the users admin password (which they will invariably forget)



[ Reply to This | # ]
Use a master password on 'managed' machines
Authored by: babbage on Sep 10, '04 01:36:57AM

So then centralize account management on a central Linux machine running NIS and other Free software, and it can all be done for the price of one cheapo PC and a little bit of time with the documentation.

OSX Server is nice, but you can run most of the same services it provides on a Free (beer, speech) operating system for not a whole lot more effort.

Failing that, you can just designate one of your OSX Client machines as The Boss, and have it push around login information via something as simple as ssh logins and Bourne shell scripts using the ni* and dscl commands. If you want to be fancy you can do this with Apple Remote Desktop, but if your budget doesn't allow that then, again, all of these things can be done with Free software that came with your Mac.

Setting the master password this way -- for this reason -- seems like a disaster waiting to happen. What happens if the only person that knows the password forgets it, or leaves the job? Each machine will need to be rebuilt if it comes to that. It doesn't have to be that way...

---
--
DO NOT LEAVE IT IS NOT REAL



[ Reply to This | # ]