Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

passwordservice(8) [osx man page]

PasswordService(8)					    BSD System Manager's Manual 					PasswordService(8)

NAME
PasswordService -- Mac OS X Server Password Server daemon SYNOPSIS
PasswordService [-help | -ver] PasswordService [-n] DESCRIPTION
In the first synopsis form, PasswordService prints a usage summary or version information and quits. In the second form, PasswordService acts as a password server. PasswordService must be run as root; it will exit otherwise. If there is another instance of PasswordService running, it will exit. The PasswordService daemon acts as the gatekeeper for user passwords and provides an authentication resource for all services running on the system. The standard way to communicate with PasswordService is to use the DirectoryService API. Services authenticate via the dsDoDirN- odeAuth() function call. If the user being authenticated has an AuthenticationAuthority attribute that begins with ";ApplePasswordServer;" the request is routed to PasswordService for authentication. Normally, the users in an Open Directory LDAP server are managed through Pass- wordService. The DirectoryService buffer formats for each authentication mechanism are documented in the DirServicesConst.h header file. Some of the common methods supported are: APOP, CRAM-MD5, DIGEST-MD5, MS-CHAPv2, NTLMv2 and NTLMv1. Some authentication methods require recoverable passwords. If APOP, TWOWAYRANDOM, or WEBDAV-DIGEST are enabled, the password database must contain recoverable passwords. The PasswordService daemon enforces password policies, such as the minimum number of characters allowed or when a password change is required. See pwpolicy(8) for more information about password policies. PasswordService writes three log files; the server log contains all significant activity; the replication log contains information about syn- chronization with other password servers; the error log contains major error conditions. OPTIONS
The following options are available: -n Do not daemonize. USAGE
In typical usage, PasswordService is launched during the boot process by launchd. To start and stop PasswordService manually, use launchctl(8) commands. This command updates the configuration files and effect the startup state. FILES &; FOLDERS /usr/sbin/PasswordService - the password service daemon /Library/Logs/PasswordService/ApplePasswordServer.Error.log - the error log /Library/Logs/PasswordService/ApplePasswordServer.Replication.log - the replication log /Library/Logs/PasswordService/ApplePasswordServer.Server.log - the activity log /var/db/authserver/authservermain - password database (guard this) /var/db/authserver/authserverfree - list of free (reusable) slots in the database SEE ALSO
mkpassdb(8) launchctl(8) pwpolicy(8) Mac OS X Server 21 February 2002 Mac OS X Server

Check Out this Related Man Page

pwd_strengthd(1m)														 pwd_strengthd(1m)

NAME
pwd_strengthd - The sample Password Management Server SYNOPSIS
pwd_strengthd [+/-all[_spaces]] [+/-alp[ha_num]] [-c[ache_size]] size [-d[ebug]] [-m[in_len]] pwd_min_len [-t[imeout]] minutes [-v[erbose]] OPTIONS
Allow passwords to be all spaces. If this option is not set, the effective registry policy is used. Disallow passwords to be all spaces. If this option is not set, the effective registry policy is used. Allow passwords to consist only of alphanumeric characters. If this option is not set, the effective registry policy is used. Disallow passwords to consist only of alphanumeric characters. If this option is not set, the effective registry policy is used. Specify the number of hash buckets in the password cache. The password cache is used to store generated passwords which are retrieved when the password is strength checked. The password cache is a hash table with a linked list for collisions. The size should be set to a reasonable value based on how large the cache will be on average. The default value if not specified is 100. Run in the foreground. Log messages are written to standard output. Specify the minimum length of a password. If this option is not set, the effective registry policy is used. Specify the time, in minutes, that generated passwords remain in the cache before they are deleted from memory. If this option is not specified, the default time is 30 minutes. Runs in verbose mode. More detailed messages are sent to the logfile $DCELOCAL/var/security/pwd_strengthd.log. (Use of this option is recommended.) DESCRIPTION
DESCRIPTION pwd_strengthd is a sample Password Management Server. It exports the rsec_pwd_mgmt application programming interface. pwd_strengthd generates passwords and strength-checks them. It enforces the security registry policy for password strength-checking. Administrators can override the security registry policy via the command-line options (alpha_num, all_spaces, min_len.) Administrators can subject principals to password-strength and -generation policies by attaching the following ERAs: Specifies the password management policy the user must conform to when selecting passwords. Specifies information required in order to connect to the password management server. See the OSF DCE Administrator's Guide -- Core Services for more information and examples. You may want to enhance pwd_strengthd to support your site's policies for password strength and generation. pwd_strengthd(1m)
Man Page