Apple Open Directory - Implementation in Mac OS X Server

Implementation in Mac OS X Server

Mac OS X Server can host an Open Directory domain when configured as an Open Directory Master. In addition to its local directory, this OpenLDAP-based LDAPv3 domain stores centralized management data and user, group, and computer accounts that other systems can access. The directory domain is paired with the Open Directory Password Server and, optionally, a Kerberos realm; each provides an authentication model and stores password information outside of the directory domain itself.

For Kerberos authentication, the Kerberos realm can either be hosted by a Kerberos key distribution center (KDC) running on the server system, or the server can participate in an existing Kerberos realm.

For services that are not Kerberized, the Password Server provides the following Simple Authentication and Security Layer (SASL)-based authentication methods:

  • APOP
  • CRAM-MD5
  • Diffie–Hellman key exchange
  • Digest-MD5
  • MS-CHAPv2
  • NTLM v1 and v2
  • Lan Manager
  • WebDAV-Digest
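To make concrete why the Password Server keeps password material outside the LDAP domain, here is an added example (not code from this page or from Apple's implementation) of one of the listed mechanisms, CRAM-MD5 (RFC 2195), with both the server and the client side of the exchange. The hostname, the `PASSWORD_STORE` dictionary and the sample credential are constructed for the example. Because the server must recompute an HMAC keyed with the password, it needs the password or a password-equivalent secret rather than a one-way salted hash, which is the kind of material a directory should not publish; the example also shows that a captured response is useless against a fresh challenge.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample credential store (hypothetical). A challenge-response
# mechanism such as CRAM-MD5 can only be verified if the server holds the
# password itself (or a password-equivalent), which is why Open Directory
# keeps such material in the Password Server rather than in the LDAP directory.
PASSWORD_STORE = {"alice": b"correct horse battery staple"}


def make_challenge(hostname: str = "od-master.example.test") -> bytes:
    """Server side: build an RFC 2195 style challenge <random.timestamp@host>.

    The hostname is a placeholder; the random part makes every challenge unique
    so that an old response cannot be replayed.
    """
    nonce = secrets.token_hex(8)
    return f"<{nonce}.0@{hostname}>".encode()


def client_response(username: str, password: bytes, challenge: bytes) -> bytes:
    """Client side: HMAC-MD5 over the challenge, keyed with the password."""
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}".encode()


def verify_response(challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the digest from the stored secret and compare.

    Returns False for malformed responses, unknown users and wrong digests
    alike, so the caller learns nothing beyond success or failure.
    """
    try:
        username, digest = response.decode("ascii").split(" ", 1)
    except (UnicodeDecodeError, ValueError):
        return False
    password = PASSWORD_STORE.get(username)
    if password is None:
        return False
    expected = hmac.new(password, challenge, hashlib.md5).hexdigest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, digest)


def run_exchange(username: str, password_attempt: bytes) -> bool:
    """Drive one full exchange, base64-wrapped as it would appear on the wire
    (for example inside an SMTP or IMAP AUTH command)."""
    wire_challenge = base64.b64encode(make_challenge())
    challenge = base64.b64decode(wire_challenge)
    wire_response = base64.b64encode(
        client_response(username, password_attempt, challenge)
    )
    return verify_response(challenge, base64.b64decode(wire_response))


if __name__ == "__main__":
    print("correct password:", run_exchange("alice", b"correct horse battery staple"))
    print("wrong password:  ", run_exchange("alice", b"not the password"))
    print("unknown user:    ", run_exchange("bob", b"anything"))
```

The design point is the contrast with Kerberos: a KDC also needs a key derived from the password, but Kerberos issues tickets so that individual services never see a password-equivalent, whereas every service that verifies CRAM-MD5, Digest-MD5 or APOP directly needs access to the secret, which Open Directory centralizes in the Password Server.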

Any Mac OS X Server system prior to 10.7 (Lion) configured as an Open Directory Master can act as a Windows Primary Domain Controller (PDC), providing domain authentication services to Microsoft Windows clients.
