PasswordService(8)          System Manager's Manual         PasswordService(8)

NAME
     PasswordService – Mac OS X Server Password Server daemon

SYNOPSIS
     PasswordService [-help | -ver]

     PasswordService [-n]

DESCRIPTION
     In the first synopsis form, PasswordService prints a usage summary or
     version information and quits.  In the second form, PasswordService acts
     as a password server.

     PasswordService must be run as root; it will exit otherwise. If there is
     another instance of PasswordService running, it will exit.

     The PasswordService daemon acts as the gatekeeper for user passwords and
     provides an authentication resource for all services running on the
     system. The standard way to communicate with PasswordService is to use
     the DirectoryService API. Services authenticate via the dsDoDirNodeAuth()
     function call.  If the user being authenticated has an
     AuthenticationAuthority attribute that begins with
     ";ApplePasswordServer;" the request is routed to PasswordService for
     authentication. Normally, the users in an Open Directory LDAP server are
     managed through PasswordService.  The DirectoryService buffer formats for
     each authentication mechanism are documented in the DirServicesConst.h
     header file. Some of the common methods supported are: APOP, CRAM-MD5,
     DIGEST-MD5, MS-CHAPv2, NTLMv2 and NTLMv1.

     Some authentication methods require recoverable passwords. If APOP or
     WEBDAV-DIGEST are enabled, the password database must contain recoverable
     passwords.

     The PasswordService daemon enforces password policies, such as the
     minimum number of characters allowed or when a password change is
     required. See pwpolicy(8) for more information about password policies.

     PasswordService writes three log files; the server log contains all
     significant activity; the replication log contains information about
     synchronization with other password servers; the error log contains major
     error conditions.

OPTIONS
     The following options are available:

     -n    Do not daemonize.

USAGE
     In typical usage, PasswordService is launched during the boot process by
     launchd. To start and stop PasswordService manually, use launchctl(8)
     commands.  This command updates the configuration files and effect the
     startup state.

FILES & FOLDERS
     /usr/sbin/PasswordService - the password service daemon
     /Library/Logs/PasswordService/ApplePasswordServer.Error.log - the error log
     /Library/Logs/PasswordService/ApplePasswordServer.Replication.log - the replication log
     /Library/Logs/PasswordService/ApplePasswordServer.Server.log - the activity log

SEE ALSO
     mkpassdb(8) launchctl(8) pwpolicy(8)

Mac OS X Server                21 February 2002                Mac OS X Server