Once you have migrated a set of users from the local directory node to the Open Directory password server node (called network node), what is good practice to do?

Good practice is to delete the users from the local node so users do not log in to the wrong account

Using Workgroup Manager to import and export user records, what is not transferred?

the users actual passwords

Do password policies affect administrators and non-administrator accounts?

No, password policies only affect non-administrator accounts. Administrator accounts are exempt from password polices

Whats the only scenario that you might need to use crypt passwords on a OS X Server 10.4?

to provide backward compatibility with a machine running OS X 10.1 or earlier

If a users account does not contain an authentication authority attribute, what does OS X Server 10.4 assume about this user, and why might this be the case?

If no authentication authority attribute is present, OS X Server uses assumes crypt password.

WHY: This happens when accounts are upgraded from 10.1 and earlier which used crypt passwords.

What is the default authentication authority attribute for a new user that you just created?

Open Directory Password Server

Each users account contains information about which authentication option or options to use. What is this information called (in context of each user)?

the authentication authority attribute

Which method for storing passwords is more secure, crypt passwords or using Open Directory Password server?

Open Directory Password server

(crypt is not secure and is provided for backward compatibility)

Which kinds of authentication do not support the password policies youve established for a particular user?

– crypt passwords
– LDAP bind authentication

What is a password policy and what does it affect? Can you set a password policy to log failed log-in attempts? Can you use a password policy to set where the password is stored?

The options that a user has when using or setting a password, including
– automatic password expiration
– disable a user account if it has been inactive for a certain number of days
– disable a user account on a certain date

– ability for user to change their own password
– disable after a failed number of attempts
– and minimum password length
– be reset every X days
– be changed at next login

Can you set a password policy to log failed log-in attempts?
—————–

Can you use a password policy to set where the password is stored?
—————–