Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   23457 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PasswordService(8)	  BSD System Manager's Manual	    PasswordService(8)

NAME
     PasswordService — Mac OS X Server Password Server daemon

SYNOPSIS
     PasswordService [-help | -ver]

     PasswordService [-n]

DESCRIPTION
     In the first synopsis form, PasswordService prints a usage summary or
     version information and quits.  In the second form, PasswordService acts
     as a password server.

     PasswordService must be run as root; it will exit otherwise. If there is
     another instance of PasswordService running, it will exit.

     The PasswordService daemon acts as the gatekeeper for user passwords and
     provides an authentication resource for all services running on the sys‐
     tem. The standard way to communicate with PasswordService is to use the
     DirectoryService API. Services authenticate via the dsDoDirNodeAuth()
     function call.  If the user being authenticated has an AuthenticationAu‐
     thority attribute that begins with ";ApplePasswordServer;" the request is
     routed to PasswordService for authentication. Normally, the users in an
     Open Directory LDAP server are managed through PasswordService.  The
     DirectoryService buffer formats for each authentication mechanism are
     documented in the DirServicesConst.h header file. Some of the common
     methods supported are: APOP, CRAM-MD5, DIGEST-MD5, MS-CHAPv2, NTLMv2 and
     NTLMv1.

     Some authentication methods require recoverable passwords. If APOP,
     TWOWAYRANDOM, or WEBDAV-DIGEST are enabled, the password database must
     contain recoverable passwords.

     The PasswordService daemon enforces password policies, such as the mini‐
     mum number of characters allowed or when a password change is required.
     See pwpolicy(8) for more information about password policies.

     PasswordService writes three log files; the server log contains all sig‐
     nificant activity; the replication log contains information about syn‐
     chronization with other password servers; the error log contains major
     error conditions.

OPTIONS
     The following options are available:

     -n	   Do not daemonize.

USAGE
     In typical usage, PasswordService is launched during the boot process by
     launchd. To start and stop PasswordService manually, use launchctl(8)
     commands.	This command updates the configuration files and effect the
     startup state.

FILES & FOLDERS
     /usr/sbin/PasswordService - the password service daemon
     /Library/Logs/PasswordService/ApplePasswordServer.Error.log - the error log
     /Library/Logs/PasswordService/ApplePasswordServer.Replication.log - the replication log
     /Library/Logs/PasswordService/ApplePasswordServer.Server.log - the activity log
     /var/db/authserver/authservermain - password database (guard this)
     /var/db/authserver/authserverfree - list of free (reusable) slots in the database

SEE ALSO
     mkpassdb(8) launchctl(8) pwpolicy(8)

Mac OS X Server		       21 February 2002		       Mac OS X Server

Vote for polarhome