ADC Home > Reference Library > Reference > Mac OS X > Mac OS X Man Pages

 

This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

This manual page is associated with Mac OS X Server. It is not available on standard Mac OS X (client) installations.

For more information about the manual page format, see the manual page for manpages(5).


PasswordService(8)        BSD System Manager's Manual       PasswordService(8)

NAME
     PasswordService -- Mac OS X Server Password Server daemon

SYNOPSIS
     PasswordService [-help | -ver]

     PasswordService [-n]

DESCRIPTION
     In the first synopsis form, PasswordService prints a usage summary or version information and quits.
     In the second form, PasswordService acts as a password server.

     PasswordService must be run as root; it will exit otherwise. If there is another instance of
     PasswordService running, it will exit.

     The PasswordService daemon acts as the gatekeeper for user passwords and provides an authentication
     resource for all services running on the system. The standard way to communicate with PasswordService
     is to use the DirectoryService API. Services authenticate via the dsDoDirNodeAuth() function call.  If
     the user being authenticated has an AuthenticationAuthority attribute that begins with ";ApplePassword-Server;" ";ApplePasswordServer;"
     Server;" the request is routed to PasswordService for authentication. Normally, the users in an Open
     Directory LDAP server are managed through PasswordService.  The DirectoryService buffer formats for
     each authentication mechanism are documented in the DirServicesConst.h header file. Some of the common
     methods supported are: APOP, CRAM-MD5, DIGEST-MD5, MS-CHAPv2, NTLMv2 and NTLMv1.

     Some authentication methods require recoverable passwords. If APOP, TWOWAYRANDOM, or WEBDAV-DIGEST are
     enabled, the password database must contain recoverable passwords.

     The PasswordService daemon enforces password policies, such as the minimum number of characters allowed
     or when a password change is required. See pwpolicy(8) for more information about password policies.

     PasswordService writes three log files; the server log contains all significant activity; the replica-tion replication
     tion log contains information about synchronization with other password servers; the error log contains
     major error conditions.

OPTIONS
     The following options are available:

     -n    Do not daemonize.

USAGE
     In typical usage, PasswordService is launched during the boot process by launchd. To start and stop
     PasswordService manually, use the NeST(8) commands -startpasswordserver and -stoppasswordserver.  These
     commands update the configuration files and effect the startup state.

FILES & FOLDERS
     /usr/sbin/PasswordService - the password service daemon
     /Library/Logs/PasswordService/ApplePasswordServer.Error.log - the error log
     /Library/Logs/PasswordService/ApplePasswordServer.Replication.log - the replication log
     /Library/Logs/PasswordService/ApplePasswordServer.Server.log - the activity log
     /var/db/authserver/authservermain - password database (guard this)
     /var/db/authserver/authserverfree - list of free (reusable) slots in the database

SEE ALSO
     mkpassdb(8) NeST(8) pwpolicy(8)

Mac OS X Server                21 February 2002                Mac OS X Server

Did this document help you?
Yes: Tell us what works for you.
It’s good, but: Report typos, inaccuracies, and so forth.
It wasn’t helpful: Tell us what would have helped.