When enabling the use of login and logout scripts, you can set a trust value for the client. Trust values determine the required level of authentication before a client trusts a server enough to run its scripts. Most trust values directly correlate to LDAP security policy settings that are configured in Directory Utility.

The trust value of DHCP doesn’t correlate to a security policy. Instead, it correlates to whether Directory Utility is configured to use a DHCP-supplied LDAP server. The trust value of Authenticated requires that you set up trusted binding to an LDAP directory.

For more information about using Directory Utility to enable LDAP security policies, use DHCP-supplied LDAP, or set up trusted binding, see Open Directory Administration.

The following table lists valid trust values and describes their requirements. The table is arranged in order of increasing trust, where the last entry requires the highest level of trust.

Trust value name: Requirements

Anonymous: The client trusts any directory domain server.

DHCP: In Directory Utility, select “Add DHCP-supplied LDAP servers to automatic search policies.”

Encryption: In Directory Utility, select “Encrypt all packets (requires SSL or Kerberos).”

Authenticated: Set up trusted binding between the client computer and the LDAP directory.

PartialTrust: In Directory Utility, select “Digitally sign all packets (requires Kerberos).” Most Active Directory nodes support PartialTrust but not FullTrust.

FullTrust: In Directory Utility, select “Block man-in-the-middle attacks (requires Kerberos)” and “Digitally sign all packets (requires Kerberos).”

To set the minimum required trust level, set the MCXScriptTrust client setting:

• If the client’s MCXScriptTrust setting is a level of trust equal to or less than the trust value, the client trusts the server and runs its login and logout scripts.

• If the client’s MCXScriptTrust setting is a level of trust more than the trust value, the client doesn’t trust the server and doesn’t run its scripts.

The default trust value is FullTrust.
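The comparison rule above, together with the Directory Utility settings each trust value requires, as an added example that is not part of the Apple manual. The ordering of the trust values is taken from the table; the setting names (dhcp_supplied_ldap, encrypt_all_packets, trusted_binding, sign_all_packets, block_mitm) are assumed labels for the Directory Utility checkboxes, not real preference keys.

```python
# Added example: a model of the MCXScriptTrust decision rule and of the
# Directory Utility requirements for each trust value. Setting names are
# assumed labels for the checkboxes named in the table, not real keys.

# Trust values in increasing order of trust, as in the table.
TRUST_LEVELS = ["Anonymous", "DHCP", "Encryption", "Authenticated",
                "PartialTrust", "FullTrust"]

# Directory Utility settings (assumed labels) required for each level.
REQUIREMENTS = {
    "Anonymous": set(),
    "DHCP": {"dhcp_supplied_ldap"},
    "Encryption": {"encrypt_all_packets"},
    "Authenticated": {"trusted_binding"},
    "PartialTrust": {"sign_all_packets"},
    "FullTrust": {"sign_all_packets", "block_mitm"},
}


def trust_rank(level):
    """Position of a trust value in the increasing-trust ordering."""
    if level not in TRUST_LEVELS:
        raise ValueError(f"unknown trust value: {level}")
    return TRUST_LEVELS.index(level)


def scripts_run(client_mcx_script_trust, server_trust_value):
    """Rule from the text: scripts run only when the client's
    MCXScriptTrust is at or below the server's trust value."""
    return trust_rank(client_mcx_script_trust) <= trust_rank(server_trust_value)


def missing_settings(level, enabled_settings):
    """Directory Utility settings still needed to satisfy `level`."""
    return sorted(REQUIREMENTS[level] - set(enabled_settings))


def evaluate(client_mcx_script_trust, server_trust_value, enabled_settings):
    """Combine the trust comparison with the requirements check."""
    if not scripts_run(client_mcx_script_trust, server_trust_value):
        return (False, f"client requires at least {client_mcx_script_trust}, "
                       f"server trust value is only {server_trust_value}")
    missing = missing_settings(server_trust_value, enabled_settings)
    if missing:
        return (False, f"{server_trust_value} requires enabling: {', '.join(missing)}")
    return (True, "login and logout scripts will run")


if __name__ == "__main__":
    # Constructed sample: client left at FullTrust, server assigned
    # PartialTrust (the level most Active Directory nodes support).
    print(evaluate("FullTrust", "PartialTrust", {"sign_all_packets"}))
    print(evaluate("PartialTrust", "PartialTrust", {"sign_all_packets"}))
```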

To enable the use of login or logout scripts:

1 Log in to the user’s computer locally or use Apple Remote Desktop.

2 Open the Sharing pane of System Preferences.

3 Click the lock to authenticate, and enter the name of a local or domain administrator.

Chapter 10 Managing Preferences

195
