Before Directory Services: Separate Files


Applications often ask for your identity and for a means of authenticating that identity with a user name and password. You propose an identity by entering a user name, which is then compared to a list of user names. Once the application finds a matching identity, authentication (proof of identity) is required. By entering a password, you are proposing a piece of information that can be used to authenticate against. Once your account has been authenticated, you are authorized, using your proposed identity, to gain access to resources needed while using the application.

Identification and authentication information (or methods) must be stored in a way that makes them easy for applications to access. For years, UNIX systems stored administrative information in a collection of files located in the /etc directory. This scheme required each computer to have its own local set of files for applications to find administrative information. If you're experienced with UNIX, you probably know about the files in the /etc directory: group, hosts, master.passwd, and so on.

For example, a UNIX application that needed to identify a user account and verify the password consulted the /etc/master.passwd file. For group information, it consulted the /etc/group file. This means of storing identification and authentication information was not very centralized, could not be easily distributed, and worked only with certain types of operating systems.

Another disadvantage of this method is that information was stored in a variety of places (in other words, files). If you wanted to add a user, you had to first add the user to the master.passwd file, then possibly edit the group file to add that user to various groups. Permitting users to change their passwords often involved a cumbersome method of using the command line. Meanwhile, the password itself was stored in the master.passwd file, along with the user information. Not only was this method difficult to manage, but it was also insecure by today's standards.
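The cross-file bookkeeping described above can be checked mechanically. The following is an added example, not code from the book: it parses master.passwd (10 colon-separated fields) and group (4 fields) contents and reports where the two files disagree, and which accounts keep a password hash in the same record as the user details. The sample file contents, account names, and function names are constructed for illustration.

```python
# Sample file contents are constructed for illustration, not from a real host.
MASTER_PASSWD = """\
root:$1$constructed$AAAAAAAAAAAAAAAAAAAAAA:0:0::0:0:System Administrator:/var/root:/bin/sh
alice:$1$constructed$BBBBBBBBBBBBBBBBBBBBBB:501:20::0:0:Alice Example:/Users/alice:/bin/bash
bob:*:502:600::0:0:Bob Example:/Users/bob:/bin/bash
"""
GROUP = """\
wheel:*:0:root
staff:*:20:root,alice
admin:*:80:root,carol
"""

def _records(text, nfields):
    """Yield colon-separated records, skipping blank lines and comments."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"expected {nfields} fields: {line!r}")
        yield fields

def parse_master_passwd(text):
    # name:password:uid:gid:class:change:expire:gecos:home_dir:shell
    return {f[0]: {"password": f[1], "uid": int(f[2]), "gid": int(f[3])}
            for f in _records(text, 10)}

def parse_group(text):
    # name:password:gid:comma-separated member list
    return {f[0]: {"gid": int(f[2]), "members": [m for m in f[3].split(",") if m]}
            for f in _records(text, 4)}

def audit(users, groups):
    known_gids = {g["gid"] for g in groups.values()}
    return {
        # Named in the group file but absent from master.passwd.
        "members_without_account": sorted(
            (name, m) for name, g in groups.items() for m in g["members"] if m not in users),
        # Primary GID in master.passwd that the group file does not define.
        "primary_gid_undefined": sorted(
            u for u, rec in users.items() if rec["gid"] not in known_gids),
        # Password hash kept in the same record as the account details.
        "hash_beside_user_info": sorted(
            u for u, rec in users.items()
            if rec["password"] and not rec["password"].startswith("*")),
    }

if __name__ == "__main__":
    for finding, items in audit(parse_master_passwd(MASTER_PASSWD), parse_group(GROUP)).items():
        print(finding, items)
```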

The first step to collecting and storing all the information in one centralized location was having all the necessary files inside the /etc directory, but individual files were not necessarily the best answer.




Apple Training Series. Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
EAN: 2147483647
Year: 2005
Pages: 258
Authors: Schoun Regan
