Filter
Top Products
Chapter 1 User Management Overview 27
The following illustration shows a user logging in to an account in a directory domain
in the computer’s search policy.
After login, the user can connect to a remote server to access its services (if the user’s
account is located in the server’s search policy).
If Mac OS X finds a user account containing the name entered by the user, it attempts
to validate the password associated with the account. If the password is validated, the
user is authenticated and the login or connection process is completed.
Mac OS X Server validates passwords using Kerberos, Open Directory Password Server,
shadow passwords, and crypt passwords.
For more information about types of directory domains and instructions for
configuring search policies, see Open Directory Administration. This guide also discusses
authentication methods and provides instructions for setting up user authentication
options.
Information Access Control
To control access to information, a universal ID called a globally unique identifier (GUID)
provides user and group identity for access control list (ACL) permissions.
An ACL is a list of access control entries (ACEs), each specifying the permissions to be
granted or denied to a group or user, and how these permissions are propagated
throughout a folder hierarchy. The GUID also associates a user with group and
hierarchical group memberships.
Log in to
Mac OS X
Directory domains
in search policy
Connect to
Mac OS X Server
Directory domains
in search policy