Chapter 5. Controlling Access with Directories

In This Chapter

  • Getting familiar with account types in a directory

  • Binding your clients and servers to directories

  • Authenticating with LDAP and Kerberos

When your entire network infrastructure entails a computer on a desk in your living room, management of your user accounts and preferences is simple and straightforward. The operating system you prefer makes no difference; your account and data are stored in one physical location. Add a second computer, and maybe a laptop for travel, and you now have two or three sets of user accounts, passwords, and data. You'll spend more time synchronizing your data, but otherwise it's largely the same process.

But multiply the computers by tens, hundreds, or thousands, and you see how managing users and data becomes unmanageable in a large network. The solution is to create network directory services to aid in managing many computer systems and users. A network directory is essentially a shared list of users, accounts, and resources that reside on the network. A directory can reside in one server computer or can be handled by dozens of servers on a large network.

Directory services also handles the job of authenticating users, which confirms the identity of users logging in from a client computer. Directory services handles authentication for other services, such as e-mail or file sharing, or for the entire network at once, which is known as single sign-on.

Snow Leopard Server can host ...
