| PasswordService(8) | System Manager's Manual | PasswordService(8) |
PasswordService —
Mac OS X Server Password Server daemon
PasswordService |
[-help | -ver] |
PasswordService |
[-n] |
In the first synopsis form,
PasswordService prints a usage summary or version
information and quits. In the second form,
PasswordService acts as a password server.
PasswordService must be run as root; it
will exit otherwise. If there is another instance of
PasswordService running, it will exit.
The PasswordService daemon acts as the
gatekeeper for user passwords and provides an authentication resource for
all services running on the system. The standard way to communicate with
PasswordService is to use the DirectoryService API. Services authenticate
via the dsDoDirNodeAuth() function call. If the user being authenticated has
an AuthenticationAuthority attribute that begins with
";ApplePasswordServer;" the request is routed to
PasswordService for authentication. Normally, the
users in an Open Directory LDAP server are managed through PasswordService.
The DirectoryService buffer formats for each authentication mechanism are
documented in the DirServicesConst.h header file. Some of the common methods
supported are: APOP, CRAM-MD5, DIGEST-MD5, MS-CHAPv2, NTLMv2 and NTLMv1.
Some authentication methods require recoverable passwords. If APOP or WEBDAV-DIGEST are enabled, the password database must contain recoverable passwords.
The PasswordService daemon enforces
password policies, such as the minimum number of characters allowed or when
a password change is required. See
pwpolicy(8) for more information
about password policies.
PasswordService writes three log files;
the server log contains all significant activity; the replication log
contains information about synchronization with other password servers; the
error log contains major error conditions.
The following options are available:
-nIn typical usage, PasswordService is
launched during the boot process by launchd. To start and stop
PasswordService manually, use
launchctl(8) commands. This command
updates the configuration files and effect the startup state.
/usr/sbin/PasswordService - the password service daemon /Library/Logs/PasswordService/ApplePasswordServer.Error.log - the error log /Library/Logs/PasswordService/ApplePasswordServer.Replication.log - the replication log /Library/Logs/PasswordService/ApplePasswordServer.Server.log - the activity log
| 21 February 2002 | Mac OS X Server |