
Chapter 2 Setting Up Windows Services 19
Open Directory password validation can be used with user accounts stored in LDAP
directory domains as well as NetInfo directory domains. The directory domain does not
store the Open Directory password, just a pointer to the Open Directory Password
Server and a password ID. The Open Directory Password Server stores passwords in a
private database file readable only by the root user, and the contents are encrypted.
The Open Directory Password Server never allows passwords to be read over the
network—they can only be set and verified.
Shadow Passwords
If a user’s account has a password type of shadow password, the user’s password is
encrypted and stored in a file on the server. Each user’s shadow password is stored in a
different file, and these files can be read only by the root user. Only user accounts that
are stored in a local directory domain can have a shadow password.
A shadow password can be used to authenticate for Windows file service, but can’t be
used to log in to the Windows domain of a PDC.
Authentication Manager Password
Mac OS X Server supports user accounts that were configured to use the legacy
Authentication Manager technology for password validation in Mac OS X Server
versions 10.0–10.2. After upgrading a server to Mac OS X Server version 10.3, existing
users can continue to use their same passwords. An existing user account uses
Authentication Manager if the account is in a NetInfo domain for which Authentication
Manager has been enabled and the account is set to use a crypt password.
If you migrate a directory domain from NetInfo to LDAP, all user accounts that used
Authentication Manager for password validation are converted to have a password
type of Open Directory.
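The three password types above are recorded per account in the directory, so an administrator auditing which accounts can and cannot log in to a Windows domain needs to read that record. The following Python audit is an added example, not code from the guide or from Mac OS X Server; it assumes each user record carries an AuthenticationAuthority attribute with values shaped like ";ShadowHash;", ";basic;" (crypt) or ";ApplePasswordServer;<password ID>,<server public key> <user>@<host>:<ip>", and the sample records are constructed.

```python
"""Classify directory accounts by password type (added example, not from the guide).

Assumption: each record's AuthenticationAuthority values follow the Open Directory
layout described in the lead-in. For an Open Directory password the directory holds
only a pointer (password ID plus Password Server address), never the password itself.
"""
import re

# Constructed sample records: name -> list of AuthenticationAuthority values.
SAMPLE_RECORDS = {
    "alice": [";ApplePasswordServer;0x0123456789abcdef0123456789abcdef,"
              "1024 35 9876543210 root@od.example.com:10.0.0.5"],
    "bob":   [";ShadowHash;"],
    "carol": [";basic;"],
    "dave":  [],  # no authority value recorded at all
}


def classify(values):
    """Map one record's AuthenticationAuthority values to the guide's password types."""
    for value in values:
        parts = value.split(";")          # ";Tag;rest" -> ["", "Tag", "rest"]
        tag = parts[1].lower() if len(parts) > 2 else ""
        if tag == "applepasswordserver":
            password_id, _, server_blob = parts[2].partition(",")
            m = re.search(r"@([^:\s]+):(\S+)$", server_blob)
            host, addr = (m.group(1), m.group(2)) if m else (None, None)
            # Open Directory passwords are the type that can log in to the PDC domain.
            return {"type": "Open Directory", "pdc_login": True,
                    "password_id": password_id, "server": host, "address": addr}
        if tag == "shadowhash":
            # Shadow passwords work for Windows file service but not PDC domain login.
            return {"type": "shadow password", "pdc_login": False}
        if tag == "basic":
            # Crypt password; PDC login behaviour is not covered by this section.
            return {"type": "crypt password", "pdc_login": None}
    return {"type": "unknown", "pdc_login": None}


def audit(records):
    """Classify every record; returns name -> classification dict."""
    return {name: classify(values) for name, values in records.items()}


def domain_login_blocked(records):
    """Names whose password type is known not to support Windows domain login."""
    return sorted(n for n, r in audit(records).items() if r["pdc_login"] is False)
```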
Setting the Server’s Role and Identity for Windows Services
You can set up Mac OS X Server to assume any of three roles in providing Windows
services:
• Primary domain controller (PDC): The server provides Windows file and print
services. It also hosts a Windows domain, storing user, group, and computer accounts
and providing authentication services to the domain. The PDC server can host user
profiles and home directories for users who have user accounts on the PDC.
• Domain member: The server provides Windows file and print services. It gets
authentication services from the Mac OS X Server PDC. A domain member can host
user profiles and home directories for users who have user accounts on the PDC.
LL2356.book Page 19 Thursday, September 4, 2003 3:21 PM