passwordservice(8) [osx man page]
PasswordService(8) BSD System Manager's Manual PasswordService(8) NAME
PasswordService -- Mac OS X Server Password Server daemon SYNOPSIS
PasswordService [-help | -ver] PasswordService [-n] DESCRIPTION
In the first synopsis form, PasswordService prints a usage summary or version information and quits. In the second form, PasswordService acts as a password server. PasswordService must be run as root; it will exit otherwise. If there is another instance of PasswordService running, it will exit. The PasswordService daemon acts as the gatekeeper for user passwords and provides an authentication resource for all services running on the system. The standard way to communicate with PasswordService is to use the DirectoryService API. Services authenticate via the dsDoDirN- odeAuth() function call. If the user being authenticated has an AuthenticationAuthority attribute that begins with ";ApplePasswordServer;" the request is routed to PasswordService for authentication. Normally, the users in an Open Directory LDAP server are managed through Pass- wordService. The DirectoryService buffer formats for each authentication mechanism are documented in the DirServicesConst.h header file. Some of the common methods supported are: APOP, CRAM-MD5, DIGEST-MD5, MS-CHAPv2, NTLMv2 and NTLMv1. Some authentication methods require recoverable passwords. If APOP, TWOWAYRANDOM, or WEBDAV-DIGEST are enabled, the password database must contain recoverable passwords. The PasswordService daemon enforces password policies, such as the minimum number of characters allowed or when a password change is required. See pwpolicy(8) for more information about password policies. PasswordService writes three log files; the server log contains all significant activity; the replication log contains information about syn- chronization with other password servers; the error log contains major error conditions. OPTIONS
The following options are available: -n Do not daemonize. USAGE
In typical usage, PasswordService is launched during the boot process by launchd. To start and stop PasswordService manually, use launchctl(8) commands. This command updates the configuration files and effect the startup state. FILES &; FOLDERS /usr/sbin/PasswordService - the password service daemon /Library/Logs/PasswordService/ApplePasswordServer.Error.log - the error log /Library/Logs/PasswordService/ApplePasswordServer.Replication.log - the replication log /Library/Logs/PasswordService/ApplePasswordServer.Server.log - the activity log /var/db/authserver/authservermain - password database (guard this) /var/db/authserver/authserverfree - list of free (reusable) slots in the database SEE ALSO
mkpassdb(8) launchctl(8) pwpolicy(8) Mac OS X Server 21 February 2002 Mac OS X Server
Check Out this Related Man Page
opendirectoryd(8) BSD System Manager's Manual opendirectoryd(8) NAME
opendirectoryd -- is a launchd(8) job for client access to local or remote directory systems SYNOPSIS
opendirectoryd [--version] DESCRIPTION
opendirectoryd is a launchd(8) job which replaces "DirectoryService" as a core part of the Open Directory technology. Several modules are provided that allow access to existing directory systems: o Active Directory o LDAP o Local Database o NIS Modules opendirectoryd modules have specific capabilities: Authentication password verification, password changes, etc. Connection general connections used for queries, record modifications, etc. Discovery location and prioritization of servers to contact (a.k.a., service discovery) Unspecified a generic module used for unspecified purpose (usually to extend capabilities) Third party plugins developed for "DirectoryService" are supported via dspluginhelperd(8). Open Directory Open Directory is a technology which includes a client API abstraction layer, a directory server, and the opendirectoryd daemon. This allows clients to utilize a single API to access a variety of directory servers simultaneously or configure their own directory server. Open Directory forms the foundation of how Mac OS X accesses all authoritative configuration information (users, groups, mounts, managed desktop data, etc.). This allows use of virtually any directory system via Apple and third party modules. Configuration of opendirectoryd is done via "System Preferences" under the "Users & Groups" preference pane. Advanced settings are available by using "Open Directory Utility..." within "Users & Groups" preference pane. More information is available from the Open Directory website: http://developer.apple.com/darwin/projects/opendirectory/ Open Directory Server Open Directory Server utilizes OpenLDAP which is included as part of Mac OS X Client, Mac OS X Server, and Darwin. OpenLDAP provides a robust and scalable platform for serving directory-based information for both standalone and networked systems. NFSv4 Domain name The following will set the default domain name used to map user and group identities in NFSv4 client/server operations. dscl . -create Config/NFSv4Domain RealName <Example.com> This command requires root privileges. FILES
Files are stored in various locations for opendirectoryd depending on use. A list of folders and files are shown below. System files provided by Apple and should only change with operating system updates: /System/Library/OpenDirectory/Configurations/ node configuration files /System/Library/OpenDirectory/DynamicNodeTemplates/ dynamic node definitions /System/Library/OpenDirectory/Mappings/ record/attribute mapping tables /System/Library/OpenDirectory/Modules/ modules to be loaded on demand /System/Library/OpenDirectory/Templates/ templates used for node styles (module layout and mappings) /System/Library/OpenDirectory/record-schema.plist OpenDirectory record/attribute schema /System/Library/OpenDirectory/permissions.plist OpenDirectory global record/attribute permissions User defined files: /Library/OpenDirectory/Templates/ templates used for node styles (module layout and mappings) /Library/OpenDirectory/Mappings/ record/attribute mapping tables Files that change periodically are located in: /Library/Preferences/OpenDirectory/Configurations/ node configuration files /Library/Preferences/OpenDirectory/DynamicData/ dynamic data stored by nodes /Library/Preferences/OpenDirectory/.LogDebugAtStartOnce enables debug logging until process exits or system is rebooted (reboot required) /var/log/opendirectoryd.log* log file(s) for opendirectoryd Legacy locations: /Library/DirectoryServices/PlugIns/ third party DirectoryService plugins loaded by dspluginhelperd SEE ALSO
odutil(1), dspluginhelperd(8), slapd(8) BSD
March 3, 2011 BSD