Skip navigation

Is disable the same as expire in the global password policy settings?

440 Views 7 Replies Latest reply: Jan 4, 2014 1:05 PM by thamilton91 RSS
Morgs Level 1 Level 1 (10 points)
Currently Being Moderated
Jan 31, 2013 8:52 PM

Hopefully a simple question.


Before I tick the box I just want to be sure that in the Global Password Policy settings that Diable means expire passwords on a certain date forcing users to have to create a new password on their next login?




  • FromOZ Level 2 Level 2 (400 points)

    Don't follow precisely what you are saying.


    Are you saying 'Disable login: [checkbox] on specifi date' and you want that to force users to create new password on their next login??


    If you want functionality to make users change password on their first login (i.e. you tell them their password is 'password' for first login) then choose 'Passwords must: [checkbox] be reset on first user login'.


    If you want passwords to be renewed then choose 'must be reset every [type in] months [select]'



  • FromOZ Level 2 Level 2 (400 points)

    Ahhh - that wasn't clear from the original post.


    Well as you can see the dialog box doesn't have that function. But... you could fudge it by choosing 'be reset every [number] [selection]' and making it 1 day.

  • thamilton91 Calculating status...

    Hello I am trying to accomplish the same thing, but the majority of my Global Password Policy optinons are greyed out. Any ideas why?





    Screen Shot 2013-12-28 at 11.14.23 PM.png

  • MrHoffman Level 6 Level 6 (11,710 points)

    You're using local services and apparently not Open Directory (unless you're bound to an Open Directory server elsewhere), so AFAIK many of those settings are simply not available.


    Your DNS server is also not enabled and running, which either means you have another source of DNS on your local networ, or you're trying to use ISP or public DNS, and trying to use external DNS won't work on a NAT'd network; the lack of local just usually cause problems.


    If you're trying to gain more control over managing users (beyond getting local DNS services and Open DIrectory going), then consider downloading and using Workgroup Manager; that provides far more control over and far more visibility into Open Directory.

  • thamilton91 Level 1 Level 1 (0 points)

    Thanks a lot! I have switched to open directory and now "be reset on first login" is turned on. I'm not having an issue where when the user signs in for the first time it prompts them to change the password, but when they put in the old password and new password, the prompt shakes and will not accept the data.


    Example: I created a John Doe account with the password: Server1 - when John Doe attempts to log in for the first time a prompt appears and asks for the Old Password, New Password and Verify New Password. Old Password is Server1, New Password is New123 confrim New123. Press enter and the prompt shakes and does not accept.


    Also noticed that users that have already logged in run into the same problem if the choose to simply "Change Password" before logging in.


    Any ideas?


More Like This

  • Retrieving data ...

Related Articles

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.