Please Help!URGENT.. Password caching...

Guys,

Please help me. This is regarding my MAC OS X Server 10.3.9.
I have a list of users. I have made a default password for them.
Eventually as they know the password they can change it
respectively. But the problem is, when they change the password.
The old password, can access my shared folder.

Note:
Im running OS X 10.3.9 Server, I have the list of users and shared files.


WHY DO THE OLD PASSWORD STILL CAN ACCESS MY SHARED FILES?
I think the old password cache with the system, but im not so sure.

Please have advice. Supposedly the old password can't access the shared folder, since it was change by new one. Why the old password still can be use? This is security issue for me. Since I've given all the user the default password. Though they change the password individually, yet the old or the default still can be use.

How to fix this issue? Is there any way to solve this or maybe this is a bug for the OS?


Your Student,
Thanks

Do local users exist as well as LDAP users?

yes! local user exist. But not quite familar with LDAP.
Please advice.

Clients have local users
Servers have local users

In order to log in to a machine there needs to be an account to match.

However clients can log in to servers using LDAP accounts where the server provides authentication for the user logging into a client. That user doesn't exist on the local machine but the trust relationship between the server and client allow the user log in.

If there is a local account on the client called bob and there is a local account on the server called bob they are actually two different users. If you change bob's password on the client machine you need the password on the server to be changed as well. This is possibly your issue.

If there isn't a local account named bob than you're probably using LDAP to authenticate from the client machine to the server. Be aware that user bob is an example and that actual user names on your network should be substituted. This may still cause the problem depending on how you log in to the client.

Sir I'll give my scenario so that you can relate. I didn't make an account to my machine locally, I log-on as an root user.

Sample:
Our domain made me an account Bob with a password initial 12345. So meaning I can now connect to our domain using bob account. Example our domain name is MACOSXSvr, im now connecting to MACOSXSvr, after a that an authentication promt. I used bob account, below there was an option bar to change password. Eventually, I click the option and change my old password which is 12345 to 54321 and successfully changed. However, the 12345 password still can connect to our domain, though i change it to 54321. Likewise, both password old and new can still connect to our domain. I this a security issue?

Please have advice! Please help me to resolve the issue.

Thanks,

You have contradicted yourself in this thread.

2-28-06 "yes! local user exist."

3-4-06 "I didn't make an account to my machine locally"

Answer these. What server version? What client version?

If possible post screen shots. I'm sorry but I'm having trouble with your broken english.