manpagez: man pages & more
man PasswordService(8)
Home | html | info | man
PasswordService(8)        BSD System Manager's Manual       PasswordService(8)


NAME

     PasswordService -- Mac OS X Server Password Server daemon


SYNOPSIS

     PasswordService [-help | -ver]

     PasswordService [-n]


DESCRIPTION

     In the first synopsis form, PasswordService prints a usage summary or
     version information and quits.  In the second form, PasswordService acts
     as a password server.

     PasswordService must be run as root; it will exit otherwise. If there is
     another instance of PasswordService running, it will exit.

     The PasswordService daemon acts as the gatekeeper for user passwords and
     provides an authentication resource for all services running on the sys-
     tem. The standard way to communicate with PasswordService is to use the
     DirectoryService API. Services authenticate via the dsDoDirNodeAuth()
     function call.  If the user being authenticated has an AuthenticationAu-
     thority attribute that begins with ";ApplePasswordServer;" the request is
     routed to PasswordService for authentication. Normally, the users in an
     Open Directory LDAP server are managed through PasswordService.  The
     DirectoryService buffer formats for each authentication mechanism are
     documented in the DirServicesConst.h header file. Some of the common
     methods supported are: APOP, CRAM-MD5, DIGEST-MD5, MS-CHAPv2, NTLMv2 and
     NTLMv1.

     Some authentication methods require recoverable passwords. If APOP,
     TWOWAYRANDOM, or WEBDAV-DIGEST are enabled, the password database must
     contain recoverable passwords.

     The PasswordService daemon enforces password policies, such as the mini-
     mum number of characters allowed or when a password change is required.
     See pwpolicy(8) for more information about password policies.

     PasswordService writes three log files; the server log contains all sig-
     nificant activity; the replication log contains information about syn-
     chronization with other password servers; the error log contains major
     error conditions.


OPTIONS

     The following options are available:

     -n    Do not daemonize.


USAGE

     In typical usage, PasswordService is launched during the boot process by
     launchd. To start and stop PasswordService manually, use the NeST(8) com-
     mands -startpasswordserver and -stoppasswordserver.  These commands
     update the configuration files and effect the startup state.


FILES & FOLDERS

     /usr/sbin/PasswordService - the password service daemon
     /Library/Logs/PasswordService/ApplePasswordServer.Error.log - the error log
     /Library/Logs/PasswordService/ApplePasswordServer.Replication.log - the replication log
     /Library/Logs/PasswordService/ApplePasswordServer.Server.log - the activity log
     /var/db/authserver/authservermain - password database (guard this)
     /var/db/authserver/authserverfree - list of free (reusable) slots in the database


SEE ALSO

     mkpassdb(8) NeST(8) pwpolicy(8)

Mac OS X Server                21 February 2002                Mac OS X Server

Mac OS X 10.6Server - Generated Thu Apr 15 07:12:55 CDT 2010
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.