.\"     $Id: PasswordService.8,v 1.6 2005/05/03 23:51:57 snsimon Exp $
.\"
.\" Copyright (c) 2002 Apple Computer, Inc., all rights reserved.
.\" Distributed only as part of Mac OS X Server
.Dd 21 February 2002
.Dt PasswordService 8
.Os "Mac OS X Server"
.Sh NAME
.Nm PasswordService
.Nd Mac OS X Server Password Server daemon
.Sh SYNOPSIS
.Pp
.Nm
.Op Fl help | ver
.Pp
.Nm
.Op Fl n
.Sh DESCRIPTION
.Pp
In the first synopsis form,
.Nm
prints a usage summary or version information and quits.
In the second form,
.Nm
acts as a password server.
.Pp
.Nm
must be run as root; it will exit otherwise. If there is another instance of
.Nm
running, it will exit.
.Pp
The
.Nm
daemon acts as the gatekeeper for user passwords and provides an authentication resource
for all services running on the system. The standard way to communicate with PasswordService
is to use the DirectoryService API. Services authenticate via the dsDoDirNodeAuth() function call.
If the user being authenticated has an AuthenticationAuthority attribute that begins with ";ApplePasswordServer;"
the request is routed to
.Nm
for authentication. Normally, the users in an Open Directory LDAP server are managed through PasswordService.
The DirectoryService buffer formats for each authentication mechanism are documented
in the DirServicesConst.h header file. Some of the common methods supported are: APOP, CRAM-MD5, DIGEST-MD5,
MS-CHAPv2, NTLMv2 and NTLMv1.
.Pp
Some authentication methods require recoverable passwords. If APOP or WEBDAV-DIGEST
are enabled, the password database must contain recoverable passwords.
.Pp
The
.Nm
daemon enforces password policies, such as the minimum number of characters allowed or
when a password change is required. See
.Xr pwpolicy 8
for more information about password policies.
.Pp
.Nm
writes three log files; the server log contains all significant activity;
the replication log contains information about synchronization with other password servers;
the error log contains major error conditions.
.Sh OPTIONS
The following options are available:
.Bl -tag -width flag
.It Fl n
Do not daemonize.
.El
.Sh USAGE
In typical usage,
.Nm
is launched during the boot process by launchd. To start and stop
.Nm
manually, use 
.Xr launchctl 8
commands.
This command updates the configuration files and effect the startup state.
.Sh FILES & FOLDERS
.nf
/usr/sbin/PasswordService - the password service daemon
/Library/Logs/PasswordService/ApplePasswordServer.Error.log - the error log
/Library/Logs/PasswordService/ApplePasswordServer.Replication.log - the replication log
/Library/Logs/PasswordService/ApplePasswordServer.Server.log - the activity log
.fi
.Sh SEE ALSO
.Xr mkpassdb 8
.Xr launchctl 8
.Xr pwpolicy 8