Apple OS X Server User Manual

Open as PDF

of 44

Local Cached User Authentication

Local Cached User authentication is used for mobile home directories. The authority data field must be

present. Its format is

DS Nodename:DS Recordname:DS GUID

where the colon (:) character delimits the three individual strings. All three strings are required. The first

string is any valid node name in UTF-8 format. The second string is any valid record name in UTF-8 format.

The third string is any valid generated unique identifier (GUID) in UTF-8 format.

If the authority data field is absent or malformed, the authentication authority attribute value must be ignored

and must result in failure to authenticate any client that attempts authentication using it. No other

authentication type can be combined with this authentication type.

Here are some examples of properly formed authentication authority attribute values for Local Cached User

authentication:

;LocalCachedUser;/LDAPv3/bh1234.example.com:bjensen:AFE453BF-284E-4BCE-

ADB2-206C2B169F41

1.0.0;LocalCachedUser;/LDAPv3/bh1234.example.com:bjensen:AFE453BF-284E-

4BCE-ADB2-206C2B169F41

1;LocalCashedUser;/LDAPv3/bh1234.example.com:bjensen:AFE453BF-284E-4BCE-

ADB2-206C2B169F41

Kerberos Version 5 Authentication

For Kerberos Version 5 authentication, the authority data field is formatted as follows:

[UID];[user principal (with realm)]; realm; [realm public key]

The optional 128-bit UID is encoded in the same way as for Apple Password Server authentication.

The optional user principal is the user principal for this user within the Kerberos system. If the user principal

is not present, the user name and the realm are used to generate the principal name (user@REALM). This

allows a fixed authentication authority value to be set up and applied to all user records in a database.

The required realm is the name of the Kerberos realm to which the user belongs.

The optional realm public key may be used to authenticate the KDC in a future release.

The following example yields a user principal of kerbdude@LDAP.EXAMPLE.COM:

;Kerberosv5;;Kerberosv5;0x3f71f7ed60eb4a19000003dd000003dd;kerbdude@LDAP.

EXAMPLE.COM;LDAP.EXAMPLE.COM;1024 35

148426325667675065063924525312889134704829593528054246269765042088452509

603776033113420195398827648618077455647972657589218029049259485673725023

256091629016867281927895944614676546798044528623395270269558999209123531

180552515499039496134710921013272317922619159540456184957773705432987195

533509824866907128303 root@ldap.example.com

Open Directory Overview 19

CHAPTER 1

Concepts

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Apple OS X Server User Manual