Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: tarwinator
tarwinator Author
User level: Level 1
0 points

Network user: plain text PWs in client log?!

I was debugging a MBP (10.7.3) that would not allow network users to login, when I've stumbled over a log line on the client:

User uploaded file


The last parameter "passwordAsUTF8String" containes the password of the user I've tried to login in plain text. Huh?


I've tried it on another Mac as well, same result: The login of a normal network user writes this log line as his homedir gets mounted.

This poses a security risk. We have some users who are local admins, they could ask another user to login on their Mac and look for the password afterwards. Extration in single user mode would be possible as well.


Is this a "speciality" of our environment or is this a known bug? Can I turn this behavior off?

We are running Lion clients with a SL Server and using OpenDirectory.


Thanks,

Tarwin

Mac OS X Server-OTHER, Mac OS X (10.7.3), Open Directory, Network User

Posted on Feb 6, 2012 8:16 AM

Reply
12 replies

There are no replies.

Network user: plain text PWs in client log?!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up