Good practice is to delete the users from the local node so users do not log in to the wrong account
the users' actual passwords
No, password policies only affect non-administrator accounts. Administrator accounts are exempt from password policies.
to provide backward compatibility with a machine running OS X 10.1 or earlier
If no authentication authority attribute is present, OS X Server assumes a crypt password.
WHY: This happens when accounts are upgraded from 10.1 and earlier, which used crypt passwords.
Open Directory Password Server
the authentication authority attribute
Open Directory Password Server
(crypt is not secure and is provided for backward compatibility)
– crypt passwords
– LDAP bind authentication
The options that a user has when using or setting a password, including
– automatic password expiration
– disable a user account if it has been inactive for a certain number of days
– disable a user account on a certain date
– ability for user to change their own password
– disable after a failed number of attempts
– and minimum password length
– be reset every X days
– be changed at next login
Can you set a password policy to log failed log-in attempts?
Can you use a password policy to set where the password is stored?