Section 7.1. Open Directory in Action



To help explain how Open Directory is used in Mac OS X, let's look at a few examples. When you enter your username and password into the login window, the following steps happen:

  1. The login window calls Open Directory with a request to authenticate the user.

  2. Open Directory takes the username and password and, if the user exists, looks up the authentication method.

  3. Using the proper process governed by the authentication method, Open Directory attempts to validate the password.

  4. Open Directory reports to the login window whether the user was authenticated.

  5. If the user was authenticated, the login window proceeds to create a GUI session for the user.

  6. As the GUI session is created, Open Directory is queried to give the location of the user's Home folder.

This basic process of querying Open Directory for user information is followed by every part of the system that either calls Open Directory directly or uses it behind the scenes through the PAM (pluggable authentication modules) functionality built into many Unix-based applications. For example, when you log in to your computer remotely via SSH, the following steps occur:

  1. sshd (the SSH server daemon) gets the username and password for the user requesting to log in.

  2. sshd then makes a PAM call to authenticate the user. This is handled by Open Directory.

  3. Open Directory takes the username and password and, if the user exists, looks up the authentication method.

  4. Using the proper process governed by the authentication method, Open Directory attempts to validate the password.

  5. Open Directory reports to sshd whether the user was authenticated.
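
The lookups in steps 2 and 6 of the login window flow (and step 3 of the sshd flow), as an added example that is not from the book: it parses constructed records laid out like the output of `dscl . -read /Users/<name>` and reports which authentication method each user record names and where the Home folder is. The `AuthenticationAuthority` and `NFSHomeDirectory` attribute names, the `;tag;data` value format, the tag descriptions, and the fallback to `basic` when the attribute is absent are assumptions about Open Directory records, not statements from this page.

```python
# Constructed sample records in a dscl-style "Key: value" layout (not from a real system).
SAMPLE_RECORDS = {
    "alice": "AuthenticationAuthority: ;ShadowHash;\n"
             "NFSHomeDirectory: /Users/alice\n",
    "bob": "AuthenticationAuthority:\n"
           " ;ApplePasswordServer;0x0001,placeholder-key:192.0.2.10\n"
           "NFSHomeDirectory: /Network/Servers/od.example.com/Users/bob\n",
    "legacy": "NFSHomeDirectory: /Users/legacy\n",
}

# Assumed mapping from authority tag to where the password is validated.
METHODS = {
    "basic": "crypt password stored in the user record",
    "ShadowHash": "shadow hash file kept outside the user record",
    "ApplePasswordServer": "Open Directory Password Server",
    "Kerberosv5": "Kerberos KDC",
}

def parse_record(text):
    """Parse 'Key: value' lines; an indented line continues the previous key."""
    attrs, key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key:
            attrs[key].append(line.strip())
        elif ":" in line:
            key, _, value = line.partition(":")
            attrs[key] = [value.strip()] if value.strip() else []
    return attrs

def auth_tag(authority):
    """';ShadowHash;data' -> 'ShadowHash' (assumed fields: version;tag;data)."""
    fields = authority.split(";")
    return fields[1] if len(fields) > 1 and fields[1] else "basic"

def lookup(username, records=SAMPLE_RECORDS):
    """Find the user, the authentication method(s), and the Home folder."""
    if username not in records:
        return None  # unknown user: there is no method to look up
    attrs = parse_record(records[username])
    # Assumption: a record without the attribute falls back to 'basic'.
    authorities = attrs.get("AuthenticationAuthority") or [";basic;"]
    tags = [auth_tag(a) for a in authorities]
    return {"methods": tags,
            "validated_by": [METHODS.get(t, "unknown method") for t in tags],
            "home": attrs.get("NFSHomeDirectory", [None])[0]}

if __name__ == "__main__":
    for name in ("alice", "bob", "legacy", "mallory"):
        print(name, lookup(name))
```

Run against real records, the same report shows which accounts are validated locally and which depend on a network directory service.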

In addition, the act of browsing the network for filesystems when you use the Finder's Go → Connect to Server (⌘-K) menu causes a lookup into Open Directory, which then presents the information that it finds using LDAP, NetInfo, Bonjour, SMB, SLP, and AppleTalk. Open Directory is also used by Terminal's File → Connect to Server (Shift-⌘-K) command, which allows you to create a connection to Bonjour-enabled computers that advertise SSH and Telnet services.




Running Mac OS X Tiger: A No-Compromise Power Users Guide to the Mac (Animal Guide)
ISBN: 0596009135
EAN: 2147483647
Year: 2004
Pages: 166
