Apple OS X manual Native Attribute Types, Authentication

Page 15

CHAPTER 1

Concepts

Constant: Description

kDS1AttrPort: Standard attribute for storing the port number at which a service is available; commonly found in kDSStdRecordTypeAFPServer, kDSStdRecordTypeFTPServer, kDSStdRecordTypeLDAPServer, kDSStdRecordTypeWebServer, and other service discovery records

kDSNAttrGroupMembership: Standard attribute for storing group memberships

kDSNAttrAuthenticationAuthority: Standard attribute for storing authentication authorities; commonly found in records of type kDSStdRecordTypeUsers and kDSStdRecordTypeComputers

Native Attribute Types

Developers can define their own attributes (known as native attributes). Open Directory maps the namespace of each directory system onto native types, while the standard types are the same across all Open Directory plug-ins.

Authentication

Open Directory for Mac OS X v10.2 supports authentication on a per-user basis whereby user records have an authentication authority attribute that specifies the type of authentication that is to be used to authenticate a particular user and all of the information required to use the specified authentication method, such as encoded password information.

Note: The information in this section is of interest to Open Directory clients that create user records or that want to change the authentication authority for a user. These clients must write the authentication authority attribute and may have to do a set password operation to have the change take effect. Open Directory clients that only do directory native authentication or that only change existing passwords do not need to interpret the authentication authority attribute because the Open Directory plug-ins handle the supported authentication authority attribute values.

This version of Mac OS X supports the following types of authentication:

Basic, which supports Crypt password authentication. For more information, see “Basic Authentication” (page 16).

Apple Password Server authentication, which uses a Mac OS X Password Server to perform authentication. For more information, see “Apple Password Server Authentication” (page 16).

Shadow Hash authentication, which uses salted SHA-1 hashes. The hash type can be configured using the authentication authority data. By default, NT and LAN Manager hashes are not stored in local files, but storing them in local files can be enabled. This is the default authentication for this version of Mac OS X. For more information, see “Shadow Hash Authentication” (page 18).

Local Windows authentication, which is a legacy subset of Shadow Hash authentication. For more information, see “Local Windows Hash Authentication” (page 18).

Local Cached User authentication, which is appropriate for mobile home directories using directory-based authentication such as LDAP. For more information, see “Local Cached User Authentication” (page 19).
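As an added example (not code from Apple's guide), the following C code audits authentication authority values by the types listed above, flagging crypt-based Basic authentication and Shadow Hash values that enable a LAN Manager hash. It assumes the `vers;tag;data` value layout, the tag spellings and the `HASHLIST:` data form, none of which appear on this page; the `aa_*` names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Authentication types listed on this page. */
typedef enum { AA_UNKNOWN, AA_BASIC, AA_PASSWORD_SERVER, AA_SHADOW_HASH,
               AA_LOCAL_WINDOWS_HASH, AA_LOCAL_CACHED_USER } aa_type;
typedef struct {
    aa_type type;
    const char *data;     /* method-specific data; points into the input */
    int stores_lm_hash;   /* ShadowHash data asks for a LAN Manager hash */
} aa_info;

/* Assumed tag spellings; this page does not show them. */
static const struct { const char *tag; aa_type type; } aa_tags[] = {
    { "basic", AA_BASIC }, { "ApplePasswordServer", AA_PASSWORD_SERVER },
    { "ShadowHash", AA_SHADOW_HASH }, { "LocalWindowsHash", AA_LOCAL_WINDOWS_HASH },
    { "LocalCachedUser", AA_LOCAL_CACHED_USER } };

/* Parse "vers;tag;data" (assumed layout). Returns 0, or -1 if malformed. */
int aa_parse(const char *value, aa_info *out) {
    const char *tag, *end;
    size_t len, i;
    if (value == NULL || out == NULL) return -1;
    memset(out, 0, sizeof *out);
    if ((tag = strchr(value, ';')) == NULL) return -1;    /* end of vers */
    if ((end = strchr(++tag, ';')) == NULL) return -1;    /* end of tag */
    len = (size_t)(end - tag);
    out->data = end + 1;
    for (i = 0; i < sizeof aa_tags / sizeof aa_tags[0]; i++)
        if (strlen(aa_tags[i].tag) == len && memcmp(tag, aa_tags[i].tag, len) == 0)
            out->type = aa_tags[i].type;
    out->stores_lm_hash = out->type == AA_SHADOW_HASH &&
                          strstr(out->data, "SMB-LAN-MANAGER") != NULL;
    return 0;
}

/* Audit rule: flag crypt-based Basic and any stored LAN Manager hash. */
int aa_is_weak(const aa_info *info) { return info->type == AA_BASIC || info->stores_lm_hash; }

int main(void) {
    /* Constructed sample values, not taken from a real directory. */
    const char *s[] = { ";basic;", ";ShadowHash;", "ShadowHash",
                        ";ShadowHash;HASHLIST:<SALTED-SHA1,SMB-NT,SMB-LAN-MANAGER>" };
    aa_info info;
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-58s %s\n", s[i], aa_parse(s[i], &info) ? "malformed"
               : aa_is_weak(&info) ? "WEAK" : "ok");
    return 0;
}
```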


2007-01-08 © 2007 Apple Inc. All Rights Reserved.
