[LRUG] [OT?] Security advice, Prey and catching burglars... 'The Ruby Way'

Damon Allen Davison damon at allolex.net
Fri Mar 30 08:52:51 PDT 2012


On Fri, Mar 30, 2012 at 2:51 PM, Mark Woods <mwoods at online.ie> wrote:

> Are you sure this works? As far as I know, and I've only recently
> returned to the mac cult so I may well be wrong, the login keychain
> password and the account password are not actually one and the same.
>

That's more or less correct.


> My understanding is that they are kept in sync if you change the
> account password while logged in to the account, but changing the
> account password via some other means does not change the keychain
> password. If I've got this wrong, um, I'll need to spend some time
> reviewing the security of the data on my macbook.
>

If you use the Unix command passwd, it will change the PAM authentication
password, but if you use dscl to change it, i.e. directory services, then
it will set the password for the user in Open Directory. The Unix command
passwd has been deprecated in OS 10.7 (Lion), so you *have* to use the dscl
method at the command line. I think the default authentication service
order is network login, local login via directory services, Unix/PAM login.

Since they're stored in different locations, they could be different. We
ran into this problem a few years back when we had to manually change user
passwords and used passwd to do it; the keychain password remained the
same, so we had to delete the keychain and create a new one.

-- 

Damon Allen Davison
http://twitter.com/allolex
http://allolex.net