On 18/10/2007, email@hidden <email@hidden> wrote:
> Hello list!
>
> Does there exist any reference or documentation for Apples PasswordServer
> authentication protocol?
Basically, no. The protocol is a private implementation detail that
you shouldn't really be depending on.
> Searching the darwin source - of which PasswordServer is not a part(?) but
> some of its clients are - I came up with:
Yes, I have repeatedly asked that PasswordServer be open-sourced as it
is a critical piece of security architecture. If this is important to
you too I suggest filing bugs.
> <http://www.opensource.apple.com/darwinsource/10.4.9.x86/OpenLDAP-69.1.2/OpenLDAP/servers/slapd/back-netinfo/psauth.c>
> ...which implements the function DoSASLAuth which is quite reveiling.
You might also want to look at
<http://www.opensource.apple.com/darwinsource/10.4.9.x86/DSPasswordServerPlugin-124.1/>
> Nevertheless: does Apple implement some propietary protocol or are they
> using some funky SASL protocol that slipped through my research. I'd be
> most thankfull for any reference, link, whatever.
It'll be proprietary and probably somewhat painful. I believe the
recommended interface for dealing with this would be to do
authentication on the PasswordServer node in Open Directory, which
should handle the nastyness of talking to the server directly. Is
there any reason that you can't do that?
If you have further questions about the nuances of Open Directory from
a programmatic standpoint, you might find you get a better response on
darwin-dev (even though PWS is not open source...)
-- Finlay
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
