Identifying computers for hosting shared domains, Open directory password server – Apple Mac OS X Server (version 10.2.3 or later) User Manual, page 63

Directory Services
You’ll want to try to make each directory domain applicable to all the computers that use it
so you don’t have to change or add information in multiple domains. In the education
hierarchy example, all students may have user records in the Students domain and all
employees may have accounts in the Employees domain. As undergraduate students leave or
become graduate students, or as employees are hired or retire, the administrator can make
adjustments to user information simply by editing one domain.
If you have a widespread or complex hierarchy of directory domains in a network that is
managed by several administrators, you need to devise strategies to minimize conflicts. For
example, you can predefine ranges of user IDs (UIDs) to avoid inadvertent file access. (For
more information, see “Defining User IDs” on page 141 in Chapter 3, “Users and Groups.”)
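The UID-range strategy above can be checked mechanically. The following is an added example, not part of the manual: it audits user records from several domains against a per-domain UID plan and reports UIDs outside their range or shared by more than one account. Because file ownership is recorded by numeric UID, two accounts with the same UID can reach each other's files. The domain names come from the education example; the ranges, user names and record layout are assumptions.

```python
from collections import defaultdict

# Assumed allocation plan: one UID range per shared domain (hypothetical values).
UID_RANGES = {
    "Students": range(2000, 10000),
    "Employees": range(10000, 20000),
}

# Constructed sample records: (domain, short name, UID).
SAMPLE_USERS = [
    ("Students", "anne", 2001),
    ("Students", "raj", 2002),
    ("Employees", "maria", 10001),
    ("Employees", "tom", 2002),    # outside its range, collides with raj
    ("Employees", "lee", 10001),   # duplicate UID inside one domain
]

def overlapping_ranges(ranges):
    """Return pairs of domains whose planned UID ranges overlap."""
    items = sorted(ranges.items(), key=lambda kv: kv[1].start)
    pairs = []
    for i, (first, first_range) in enumerate(items):
        for second, second_range in items[i + 1:]:
            if second_range.start < first_range.stop:
                pairs.append((first, second))
    return pairs

def audit_uids(users, ranges):
    """Return (out_of_range, collisions) for the given user records."""
    out_of_range = []
    owners = defaultdict(list)
    for domain, name, uid in users:
        owners[uid].append((domain, name))
        allowed = ranges.get(domain)
        # A domain with no planned range is reported as well.
        if allowed is None or uid not in allowed:
            out_of_range.append((domain, name, uid))
    # Any UID held by more than one account means shared file ownership.
    collisions = {uid: who for uid, who in owners.items() if len(who) > 1}
    return out_of_range, collisions

if __name__ == "__main__":
    print("overlapping plans:", overlapping_ranges(UID_RANGES))
    bad, shared = audit_uids(SAMPLE_USERS, UID_RANGES)
    for domain, name, uid in bad:
        print(f"out of range: {name} in {domain} has UID {uid}")
    for uid, who in sorted(shared.items()):
        print(f"UID {uid} shared by: {who}")
```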
Identifying Computers for Hosting Shared Domains
If you need more than one shared domain, you need to identify the computers on which
shared domains should reside. Shared domains affect many users, so they should reside on
Mac OS X Servers that have the following characteristics:
• restricted physical access
• limited network access
• equipped with high-availability technologies, such as uninterruptible power supplies
You should select computers that will not be replaced frequently and that have adequate
capacity for growing directory domains. While you can move a shared domain after it has
been set up, you may need to reconfigure the search policies of computers that bind to the
shared domain so that their login hierarchies remain intact.
Open Directory Password Server
Besides providing directory services on Mac OS X Servers and other Mac OS X computers,
Open Directory can also provide authentication services. An Open Directory Password Server
can store and validate user passwords for login and other network services that require
authentication. A Password Server supports basic authentication as well as authentication
methods that protect the privacy of a password during transmission on the network. A
Password Server lets you set up specific password policies for each user, such as automatic
password expiration and minimum password length.
LL0395.Book Page 63 Wednesday, November 20, 2002 11:44 AM