What are the different ways Open Directory can store passwords (and authenticate users)?

– single sign-on with Kerberos KDC built-in to OS X Server (kerberos)

– a password stored securely in the Open Directory Password server database ( OD Password server)

– a password stored as several hashes– including NT LAN Manager (NTLM), NTLMv2, and LAN Manager — in a file that only the root user can access (known as shadow password )– this is only for users stored in local directory (shared directory cannot use shadow password)

– a crypt password stored directly in users account (for backward compatibility with legacy systems)

– a non-Apple LDAP server for LDAP bind authentication

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous post With an Open Directory master and one or several Open Directory replicas, what must be considered regarding proper functioning of replication, how can this be acheived?
Next post What is a password policy and what does it affect? Can you set a password policy to log failed log-in attempts? Can you use a password policy to set where the password is stored?