Traditional Unix titles have never had to focus much on the mechanisms behind the management of users and groups. At most, a couple of paragraphs could explain the format of the /etc/passwd file and whatever password-shadowing mechanism the operating system in question used. Prior to Panther, Mac OS X (like its less widely adopted ancestor, OPENSTEP) for the most part simply added one more dimension, and one that was fairly easy to get used to. Instead of /etc/passwd, a database called NetInfo was used. NetInfo and the flat files in /etc had a nearly one-to-one relationship: /etc/passwd corresponded to netinfo://users, /etc/group to netinfo://groups, /etc/services to netinfo://services, and so on. Passwords weren’t shadowed, either; they were (in most cases) stored as a one-way DES hash in the world-readable NetInfo database.
Mac OS X Server 10.2 introduced Password Server, a method of securely storing authentication data in order to support several relatively secure network authentication mechanisms. It was optional, however, and limited in scope to Mac OS X Server. Password Server is covered in more depth in Chapter 8.
That was pretty much it. Of course, the tools for manipulating NetInfo-based data differed somewhat from those used to manage flat files in /etc, but the concepts were largely the same.
In recent years, though, IT and the way that IT organizations deal with users, groups and other administrative data ...