Apple Mac OS X Server (version 10.2.3 or later) User Manual

Directory Services

83

For User Name, enter the user name of an administrator of the Password Server. This
administrator is a domain administrator for the directory domain with which the Password
Server is associated, and the administrator’s password is validated using that Password
Server. For more information on Password Server administrators, see “Assigning
Administrator Rights for a Password Server” on page 201 of Chapter 3, “Users and Groups.”

For Password, enter the password for the user name you entered.

7

In the next Security step, Open Directory Assistant displays the short name of the user
account that will become an administrator of the Password Server.

This user account is the one you used to authenticate when you started Open Directory
Assistant. You can make additional Password Server administrators by selecting the option
“User can administer this directory domain” in the Basic pane of Workgroup Manager. For
instructions, see “Assigning Administrator Rights for a Directory Domain” on page 142 of
Chapter 3, “Users and Groups.”

8

In the onscreen Finish Up step, click Go Ahead to configure the server with the displayed
settings.

Using a Non-Shared Local Directory Domain With No Password Server

Using the Open Directory Assistant application, you can set up a Mac OS X Server to use only
its local directory domain while it stores and accesses authentication information locally in
user records. This server obtains authentication information directly from user records,
without using a Password Server. The server does not provide directory information to other
computers or get directory information from an existing system. (The local directory domain
cannot be shared.)

If you create user accounts without a Password Server and later reconfigure your Mac OS X
Server to host or use a Password Server, you will have to reset the user passwords to use the
Password Server.

If your Mac OS X Server currently gets directory information from another server and you
change to getting directory information only from the local directory domain, user records
and other information that is stored in the other server’s shared directory domain will no
longer be available. The user records and other information will still exist in the other shared
directory domain, but your Mac OS X Server will not access them.

Important

If you are changing a Mac OS X Server to no longer use or host a Password

Server, first change the password validation strategy of the Password Server administrator to
basic. You should also make the same change to any ordinary users whose passwords are
validated using the Password Server. Doing so ensures that these users can continue to log in
to Mac OS X Server. For instructions, see “Resetting Passwords Before Discontinuing Use of a
Password Server” on page 203 of Chapter 3, “Users and Groups.”

LL0395.Book Page 83 Wednesday, November 20, 2002 11:44 AM