Apple OS X manual Basic Authentication

Page 16

C H A P T E R 1

Concepts

Kerberos Version 5 authentication, which is used to authenticate users to Kerberos v5 systems. For more information, see “Kerberos Version 5 Authentication” (page 19).

Disabled User authentication, which prevents any authentication from taking place. For more information, see “Disabled User Authentication” (page 20).

Note: For compatibility with previous versions of Mac OS X, user records that do not have an authentication authority attribute are authenticated using Basic password authentication.

User records contain an optional authentication authority attribute. The authentication authority attribute can have one or more values specifying how authentication and password changing should be conducted for that user. The format of this attribute is a semicolon-delimited string consisting of fields in the following order:

version — a numeric value that identifies the structure of the attribute. This field is currently not used and usually is blank. This field may contain up to three 32-bit integer values (ASCII 0–9) separated by periods (.). If this field is empty or its value is 1, the version is consideration to be 1.0.0. If the second or the third field is empty; the version is interpreted as 0. Most client software will only needs to check the first digit of the version field. This field cannot contain a semi-colon (;) character.

authority tag — a string value containing the authentication type for this user. Each authentication type defines the format of the authority data field and specifies how the authority data field is interpreted. The authority tag field is treated as a UTF8 string in which leading, embedded, and trailing spaces are significant. When compared with the list of known types of authentication, the comparison is case-insensitive. Open Directory clients that encounter an unrecognized type of authentication must treat the authentication attempt as a failure. This field cannot contain a semi-colon character.

authority data — a field whose value depends on the type of authentication in the authority tag field. This field may be empty and is allowed to contain semi-colon characters.

Basic Authentication

An Open Directory client that encounters a user record containing the Basic authentication type should conduct authentication in a manner consistent with the authentication method supported by Mac OS X v10.0 and v10.1, which was crypt password authentication.

If the user record does not have an authentication authority attribute, the Open Directory client should use the Basic authentication type.

Here are some examples of authentication authority attributes that use the Basic authentication type:

;basic;

1.0.0;basic;

1;basic;

All three examples have the same result: authentication is conducted using crypt.

Apple Password Server Authentication

The Apple Password Server authentication type requires an Open Directory client to contact a Simple Authentication and Security Layer (SASL) password server at the network address stored in the authority data field. After contacting the Password Server, the Open Directory client can interrogate it to determine

16Open Directory Overview

2007-01-08 © 2007 Apple Inc. All Rights Reserved.

Page 15 Page 17
Image 16
Page 15 Page 17
Contents Open Directory Programming Guide Apple Inc Contents N T E N T S Figures, Tables, and Listings G U R E S , T a B L E S , a N D L I S T I N G S Organization of This Document See AlsoIntroduction See Also Concepts Open Directory OverviewNodes 1Flow of an Open Directory request2An Open Directory request over a network Search Policies and Search Nodes Record Types Constant Description Standard Attribute Types Standard attribute for storing a unique ID commonly foundAuthentication Native Attribute TypesBasic Authentication Open Directory Overview Local Windows Hash Authentication Local Cached User Authentication Disabled User Authentication Directory Native Authentication Directory ProxyOpen Directory, lookupd, and NetInfo 3lookupd and NetInfo interaction when using SSH Directory Service Command Line Utility DebuggingWorking with Nodes Listing Registered NodesWorking with Nodes Finding a Node Opening and Closing a Node Authenticating a User to a Node Directory Native Authentication Authenticating using directory native authenticationWorking with Nodes Working with Nodes Authenticating a User to a Node Working with Records Listing RecordsListing Records Getting Information About a Record’s Attribute Working with RecordsGetting Information About a Record’s Attribute Setting the Name of a Record Working with Records Listing 3-3Setting the name of a record Creating a Record and Adding an Attribute Void CreateRecord const tDirNodeReference inDirNodeRef Deleting a Record Working with Records Document Revision History Document Revision History
Related manuals
Manual 32 pages 7.58 Kb
Top Page Image Contents