解决办法 参考如下帖子:
https://discussions.apple.com/message/15783176#15783176
方法一:
Directory Utility is at /System/Library/CoreServices - on both Client on Server.
- Open it up, via Finder - and then click on Directory Editor
- Make sure you are viewing Users on /Local/Default and that you are authenticated as root. (It does this auto)
- Select the "Administration Account"
- On the right under AuthenticationAuthority should be two keys - one ShadowHash and one Kerboeros
- Copy the value - on my client its ;ShadowHash;HASHLIST:<SALTED-SHA512>
- Select the "System Administrator
- Select the AuthenticationAuthority and click the add symbol to the right.
- Paste the value you copied into the new key.
Once I did this I was able to use sudo passwd root to change the password, and tested it.
A word of warning here - what I did gets it working - but it may be the wrong key, or add in insecure auth-authorities, as there is a diff between Lion Upgraded and Lion clean from what I can across my two computers and as such your root account may not be as secure as apple intended it should be.
方法二(更简单):
I had the same problem, so first thanks for the hint here.
The easy way seems to be to simply delete the whole AuthenticationAuthority key/key-group. Then select the activate root item in the menu (Directory Utility) and it should recreate both AuthenticationAuthority keys (Kerberos and hash).
At least that's what worked for me just a few minutes ago...
