| Constant | Description |
| --- | --- |
| kDS1AttrPort | Standard attribute for storing the port number at which a service is available; commonly found in kDSStdRecordTypeAFPServer, kDSStdRecordTypeFTPServer, kDSStdRecordTypeLDAPServer, kDSStdRecordTypeWebServer, and other service discovery records |
| kDSNAttrGroupMembership | Standard attribute for storing group memberships |
| kDSNAttrAuthenticationAuthority | Standard attribute for storing authentication authorities; commonly found in records of type kDSStdRecordTypeUsers and kDSStdRecordTypeComputers |
Native Attribute Types
Developers can define their own attributes (known as native attributes). Open Directory maps the namespace
of each directory system onto native types, while the standard types are the same across all Open Directory
plug-ins.
Authentication
Open Directory for Mac OS X v10.2 supports authentication on a per-user basis whereby user records have
an authentication authority attribute that specifies the type of authentication that is to be used to authenticate
a particular user and all of the information required to use the specified authentication method, such as
encoded password information.
Note: The information in this section is of interest to Open Directory clients that create user records or that
want to change the authentication authority for a user. These clients must write the authentication authority
attribute and may have to do a set password operation to have the change take effect. Open Directory clients
that only do directory native authentication or that only change existing passwords do not need to interpret
the authentication authority attribute because the Open Directory plug-ins handle the supported
authentication authority attribute values.
This version of Mac OS X supports the following types of authentication:
■ Basic, which supports Crypt password authentication. For more information, see “Basic
Authentication” (page 16).
■ ApplePasswordServer authentication, which uses a Mac OS X Password Server to perform authentication.
For more information, see “Apple Password Server Authentication” (page 16).
■ Shadow Hash authentication, which uses salted SHA-1 hashes. The hash type can be configured using
the authentication authority data. By default, NT and LAN Manager hashes are not stored in local files,
but storing them in local files can be enabled. This is the default authentication for this version of Mac
OS X. For more information, see “Shadow Hash Authentication” (page 18).
■ Local Windows authentication, which is a legacy subset of Shadow Hash authentication. For more
information, see “Local Windows Hash Authentication” (page 18).
■ Local CachedUser authentication, which is appropriate for mobile home directories using directory-based
authentication such as LDAP. For more information, see “Local Cached User Authentication” (page 19).
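The following is an added example, not code from Apple or from this guide: a small audit that reads authentication authority values from user records and flags the weaker choices named in the list above (Crypt-based Basic authentication, the legacy Local Windows hash, and Shadow Hash records that store NT or LAN Manager hashes). The "version;tag;data" value layout, the tag spellings, the HASHLIST syntax and the sample records are assumptions that this section does not show.

```python
# Added example (not Apple's code). Assumed value layout, not shown in this
# section: "version;tag;data", where version may be empty (";ShadowHash;").
KNOWN_TAGS = {"basic", "applepasswordserver", "shadowhash",
              "localwindowshash", "localcacheduser"}  # assumed spellings
TAG_FINDINGS = {
    "basic": "uses Crypt password authentication",
    "localwindowshash": "uses legacy Local Windows Hash authentication",
}
WEAK_HASHES = {"SMB-NT", "SMB-LAN-MANAGER"}  # assumed HASHLIST names
PREFIX = "HASHLIST:<"


def parse_authority(value):
    """Split one attribute value into (version, tag, data)."""
    parts = value.split(";", 2)
    if len(parts) < 2:
        raise ValueError("malformed authentication authority: %r" % value)
    return parts[0], parts[1], parts[2] if len(parts) == 3 else ""


def audit(value):
    """Return the findings for one authentication authority value."""
    try:
        _, tag, data = parse_authority(value)
    except ValueError as exc:
        return [str(exc)]
    key = tag.lower()  # tag comparison assumed case-insensitive
    if key not in KNOWN_TAGS:
        return ["unknown authentication type: %r" % tag]
    findings = [TAG_FINDINGS[key]] if key in TAG_FINDINGS else []
    if key == "shadowhash" and data.startswith(PREFIX) and data.endswith(">"):
        stored = {h.strip() for h in data[len(PREFIX):-1].split(",")}
        findings += ["stores %s hash" % h for h in sorted(stored & WEAK_HASHES)]
    return findings


def report(records):
    results = {user: audit(value) for user, value in records.items()}
    return {user: found for user, found in results.items() if found}

# Constructed sample records, not taken from a real directory.
SAMPLES = {
    "alice": ";ShadowHash;",
    "bob": ";basic;",
    "carol": ";ShadowHash;HASHLIST:<SALTED-SHA1,SMB-NT,SMB-LAN-MANAGER>",
    "dave": "ShadowHash",
}
if __name__ == "__main__":
    print(report(SAMPLES))
```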
2007-01-08 | © 2007 Apple Inc. All Rights Reserved.