Skip navigation

Network user: plain text PWs in client log?!

11785 Views 10 Replies Latest reply: May 10, 2012 12:13 AM by MadMacs0 RSS
tarwinator Calculating status...
Currently Being Moderated
Feb 6, 2012 8:17 AM

I was debugging a MBP (10.7.3) that would not allow network users to login, when I've stumbled over a log line on the client:

Screen Shot 2012-02-06 at 5.01.08 PM.png

 

The last parameter "passwordAsUTF8String" containes the password of the user I've tried to login in plain text. Huh?

 

I've tried it on another Mac as well, same result: The login of a normal network user writes this log line as his homedir gets mounted.

This poses a security risk. We have some users who are local admins, they could ask another user to login on their Mac and look for the password afterwards. Extration in single user mode would be possible as well.

 

Is this a "speciality" of our environment or is this a known bug? Can I turn this behavior off?

We are running Lion clients with a SL Server and using OpenDirectory.

 

Thanks,

Tarwin

Mac OS X Server, Mac OS X (10.7.3), Open Directory, Network User

Actions

More Like This

  • Retrieving data ...

Bookmarked By (2)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.