Mac OS X Server 10.3: Upgrading Password Server users to Kerberos and single sign-on

After upgrading a Mac OS X Server from 10.2 to 10.3, follow the steps listed here to upgrade Password Server users to Kerberos.
After the upgrade, user accounts whose password type was Password Server automatically have a password type of Open Directory and can use the authentication methods supported by Open Directory Password Server. If you want them to use Kerberos and single sign-on authentication, you need to upgrade the accounts.
  1. Open Workgroup Manager.
  2. From the View menu, choose Accounts.
  3. Click the Users button.
  4. Click the small globe icon (above the list of users).
  5. From the pop-up menu that appears, open the directory domain where the user accounts reside.
  6. Click the lock and authenticate as a directory domain administrator.
  7. Select one or more user accounts in the list, and click Advanced.
  8. Set User Password Type to "Crypt password" or Shadow Password (whichever is available).
  9. Enter and verify a new password for the selected user or users.
  10. Click OK, then click Save.
  11. Set User Password Type to Open Directory.
  12. Enter and verify a new password for the selected user or users.
  13. Click OK, then click Save.
  14. Tell users the password you assigned, and advise them to change the password in Accounts preferences the next time they log in.

Published Date: Oct 7, 2016