Appendix A. Introduction to Directory Services

Traditional Unix titles have never had to focus much on the mechanisms behind the management of users and groups. At most, a couple of paragraphs could explain the format of the /etc/passwd file and whatever password-shadowing mechanism the operating system in question used. Prior to Panther, Mac OS X (like its less widely adopted ancestor, OPENSTEP) for the most part simply added one more dimension, and one that was fairly easy to get used to. Instead of /etc/passwd, a database called NetInfo was used. There was pretty much a one-to-one relationship between NetInfo and the flat files in /etc: /etc/passwd equated to netinfo://users, /etc/group to netinfo://groups, /etc/services to netinfo://services, and so on. And passwords weren’t shadowed; they were (in most cases) stored as a one-way DES hash in the world-readable NetInfo database.

Tip

Mac OS X Server 10.2 introduced Password Server, a method of securely storing authentication data in order to support several relatively secure network authentication mechanisms. It was optional, however, and limited in scope to Mac OS X Server. Password Server is covered in more depth in Chapter 8.

That was pretty much it. Of course, the tools for manipulating NetInfo-based data differed somewhat from those used to manage flat files in /etc, but the concepts were largely the same.
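As an added illustration (not from the book), the Python sketch below audits a passwd-format dump for records whose password field exposes a hash, which is the risk created by the unshadowed, world-readable storage described above. The sample records, the function names and the accepted 7- or 10-field layouts are assumptions made for the example.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters followed by 11 hash
# characters, all drawn from the alphabet [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(pw_field):
    """Classify the password field of one passwd-format record."""
    if pw_field == "":
        return "empty"            # account has no password at all
    if DES_CRYPT.match(pw_field):
        return "des-crypt"        # hash is open to offline guessing by any reader
    if pw_field.startswith("$"):
        return "modular-crypt"    # $id$salt$hash: stronger, but still exposed
    return "placeholder"          # e.g. "*" or "x": no usable hash in the record


def audit(dump):
    """Return (user, finding) pairs for records that need attention."""
    findings = []
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # Assumed layouts: 7 fields (/etc/passwd) or 10 (BSD master.passwd style).
        # The password is the second field in both.
        if len(fields) < 7:
            continue
        kind = classify(fields[1])
        if kind != "placeholder":
            findings.append((fields[0], kind))
    return findings


# Constructed sample records, not taken from any real system.
SAMPLE = """\
root:*:0:0::0:0:System Administrator:/var/root:/bin/sh
alice:aBcD3fGh1JkLm:501:20::0:0:Alice Example:/Users/alice:/bin/bash
bob:********:502:20::0:0:Bob Example:/Users/bob:/bin/bash
carol::503:20::0:0:Carol Example:/Users/carol:/bin/bash
"""

if __name__ == "__main__":
    for user, kind in audit(SAMPLE):
        print(f"{user}: {kind}")
```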

In recent years, though, IT and the way that IT organizations deal with users, groups and other administrative data ...
