
Password validation – Apple Mac OS X Server (version 10.2.3 or later) User Manual

Page 22


Chapter 1

Chapter 2, “Directory Services,” describes how to configure search policies on any Mac OS X
computer.

Password Validation

Open Directory gives you several options for validating a user’s password:

• You can use a value stored as a readable attribute in the user’s account.

The account can be stored in a directory domain residing on Mac OS X Server or on
another vendor’s directory server, such as an LDAP or Active Directory server.

This option, referred to as the “basic” password validation strategy, is the simplest and
fastest approach to password validation and offers the greatest opportunity for sharing
user information for authentication with non-Apple servers. Basic password validation
may not support clients that require certain network-secure authentication protocols,
such as APOP.

See “Storing Passwords in User Accounts” on page 198 for details about this strategy.

• You can use a value stored in the Open Directory Password Server.

This option, which supports a wide range of client authentication protocols, lets you set
up user-specific password policies. For example, you can require a user to
change his password periodically or use only passwords having more than a minimum
number of characters. It is the recommended password validation option for Windows
users.

See “Open Directory Password Server” on page 63 for general Password Server concepts.

See “Setting Up an Open Directory Domain and Password Server” on page 71 for setup
instructions.

See “Using a Password Server” on page 200 for information about how to manage
Password Server settings for users.

• You can use a Kerberos server.

This scheme offers the opportunity to integrate into existing Kerberos environments.

See “Using Kerberos” on page 205 for details.

• You can use LDAP bind authentication with a non-Apple LDAPv3 directory server.

This option, like Kerberos, offers a way to integrate your server into an existing
authentication scheme.

See “Using LDAP Bind Authentication” on page 208 for how to implement this option.

LL0395.Book Page 22 Wednesday, November 20, 2002 11:44 AM