Question:
What does opendirectoryd's FDESupport module do?
Answer:
That's the module which is responsible for taking password updates from opendirectoryd and updating the FV 2 pre-boot login password. It's a helper utility.
Question:
Does fdesetup sync also help sync passwords from a directory service?
Answer:
No, it does not sync passwords. (Same message from both Security and Enterprise labs.)
Question:
Is there a way to run a deferred enablement which also allows the enablement of a second account? For the purposes of the question, assume that the second account's password has been provided.
Use cases that may apply:
A. An enterprise that wants deferred enablement for the primary user of the machine, but also wants to enable the local admin account for FV 2.
Answer:
Please file enhancement requests. (Same message from both Security and Enterprise labs.)
Question:
When using fdesetup enable -inputplist, the password is in clear text in the plist. Can this be changed so that the password can be hashed? A colleague of mine has an open bug report for this: BugID: 14023881
Answer:
Please file enhancement requests.
Part of the issue is that plists were not originally intended to be stored on disk; instead the authentication information was meant to be piped straight into fdesetup and not expose the password. Secure password storage in a plist, where the password information is still readable by fdesetup, is a challenge.
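The piping approach described in this answer, as an added example that is not from the lab answer or from Apple: the plist is generated in memory and sent to fdesetup on stdin, so the password is never written to disk. The function names are hypothetical; the Username, Password and AdditionalUsers keys are the ones documented in the fdesetup man page.

```shell
#!/bin/bash
# Added example: hand fdesetup its credentials on stdin; no plist file is written.
# Function names are hypothetical, not part of fdesetup.

# Escape XML special characters so any password embeds safely in a <string>.
# The value reaches sed on stdin, so it never appears in a process argument list.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Emit the Username/Password key pair for one account.
fde_user_keys() {
    printf '<key>Username</key><string>%s</string>\n' "$(xml_escape "$1")"
    printf '<key>Password</key><string>%s</string>\n' "$(xml_escape "$2")"
}

# Write the plist to stdout.
# Arguments: user, password, then an optional additional user and password.
build_fde_plist() {
    printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>' \
        '<plist version="1.0">' '<dict>'
    fde_user_keys "$1" "$2"
    if [ -n "${3:-}" ]; then
        printf '%s\n' '<key>AdditionalUsers</key>' '<array>' '<dict>'
        fde_user_keys "$3" "${4:-}"
        printf '%s\n' '</dict>' '</array>'
    fi
    printf '%s\n' '</dict>' '</plist>'
}

# Prompt without echo, then pipe the plist straight into fdesetup (run as root).
enable_filevault() {
    user=$1
    printf 'Password for %s: ' "$user" >&2
    stty -echo; IFS= read -r pass; stty echo; printf '\n' >&2
    build_fde_plist "$user" "$pass" | fdesetup enable -inputplist
    status=$?
    unset pass
    return $status
}
```

The password still exists in the shell's memory and in the pipe while fdesetup reads it, so this removes the on-disk copy rather than every exposure.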
Question:
Is it possible to make Server.app run through the setup process from the command line?
Answer:
Not currently. Please file enhancement requests for this if you want it, as we want to know how many of our customers want this.
Question:
Why can't Server.app currently run through the setup process from the command line?
Answer:
The license must be agreed to and that currently only works through the Server.app GUI.