Programming with Directory Services
As a programmer, you frequently need to deal with directory information, whether you realize it or not. Your application uses Directory Services each time it looks up a host entry or authenticates a password. The Open Directory architecture unifies what used to be a random collection of flat files in /etc. The good news is that the flat files still work. The other good news is that there is a brave new world just beyond those flat files. So, while all your old Unix code should work with the Open Directory architecture, you should look for new ways to accomplish old tasks, especially if you can continue writing portable code.
To get at directory information, Unix applications typically go
through the C library using such functions as
. The C library connects to
, a thin shim that is the doorway to the
daemon. The DirectoryService
daemon consults the available plug-ins until it finds the
one that can answer the directory query.
Working with Passwords
The traditional route to user and password information was through the
getpw* family of
functions. However, those functions are not ideal for working with
systems that support multiple directories (flat files, NetInfo, LDAP,
etc.). Also, in the interest of thwarting
dictionary attacks against password files,
many operating systems have stopped returning encrypted passwords
through those APIs. Many Unix and Linux systems simply return an
"x" when you invoke a ...
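
The following C audit is an added example, not code from the original text. It walks every account visible through the getpw* functions and reports whether each password field is a placeholder such as "x", is empty, or looks like an exposed hash. The enum, the function names and the placeholder heuristic are assumptions of this example.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Classification names are this example's own, not a system API. */
enum pw_field { PW_EMPTY, PW_PLACEHOLDER, PW_HASH_EXPOSED };

/* Classify a pw_passwd string. Heuristic (assumption): crypt(3) output never
 * starts with '*' or '!' and is at least 13 characters long, so shorter
 * values such as "x" or "********" are placeholders, not hashes. */
enum pw_field classify_pw_field(const char *field)
{
    if (field == NULL || field[0] == '\0')
        return PW_EMPTY;            /* traditionally: no password required */
    if (field[0] == '*' || field[0] == '!' || strlen(field) < 13)
        return PW_PLACEHOLDER;      /* real hash is stored elsewhere */
    return PW_HASH_EXPOSED;         /* hash readable by any local caller */
}

/* Walk every account the C library can see and count, per class, what the
 * getpw* interface hands back. counts[] is indexed by enum pw_field. */
void audit_passwd_db(unsigned counts[3])
{
    struct passwd *pw;

    memset(counts, 0, 3 * sizeof counts[0]);
    setpwent();
    while ((pw = getpwent()) != NULL) {
        enum pw_field c = classify_pw_field(pw->pw_passwd);
        counts[c]++;
        if (c != PW_PLACEHOLDER)
            printf("%s: %s\n", pw->pw_name,
                   c == PW_EMPTY ? "empty password field" : "hash exposed");
    }
    endpwent();
}

int main(void)
{
    unsigned counts[3];

    audit_passwd_db(counts);
    printf("placeholder=%u empty=%u exposed=%u\n",
           counts[PW_PLACEHOLDER], counts[PW_EMPTY], counts[PW_HASH_EXPOSED]);
    return counts[PW_HASH_EXPOSED] ? 1 : 0;
}
```

The program exits non-zero when any account's hash is readable through getpw*, which makes it usable as a check in a hardening script.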