Chapter 8. Authentication in Open Directory Server

It should be evident by now that Mac OS X Server has a very broad scope and encompasses a wide variety of services. Because these services and the protocols they implement have all evolved separately (and sometimes towards conflicting goals), they require a nearly equally wide variety of authentication mechanisms. Each of these mechanisms, in turn, has its own technological requirements, which creates a number of management and synchronization challenges. To meet these challenges, Apple has architected a fairly robust, standards-based authentication platform, leveraging a homegrown, multiprotocol authentication service called Password Server and MIT’s Kerberos distribution. This chapter examines both of these architectures in depth, from the underlying services to their graphical and command-line administrative interfaces.

PasswordService (SASL)

Password Server is Panther Server’s authentication workhorse. In addition to being a vital component of Open Directory Server, in a default configuration it also supports authentication of accounts in Mac OS X Server’s local NetInfo domain.

Tip

In most circumstances, the only non-Password Server user in any Panther Server installation is the root user in the local domain, which has a ShadowHash authentication authority (or authauthority, for short). For more information on ShadowHash authentication, see the Appendix, and Running Mac OS X Panther (O’Reilly, 2004). (ShadowHash authentication ...
