Appendix B Open Directory Password Server Authentication Methods
Digest-MD5 Password Validation
Digest-MD5 is used by the Mac OS X login window, many email programs, and some
LDAP software. This authentication method encodes passwords when they are sent
over the network, and stores them in a scrambled form on the server. It offers good
security during network transmission. A malicious user might be able to obtain
passwords by gaining access to the server and decoding the password file, although
doing this would be very difficult. Digest-MD5 cannot be disabled.
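The following is an added example, not Apple's code and not part of the original guide: it computes the Digest-MD5 response defined in RFC 2831 (qop=auth, no authzid) to show that only a digest, never the password, crosses the network. The function names are hypothetical, the sample values are those of the worked exchange in RFC 2831 section 4, and storing H(user:realm:password) on the server follows the RFC's description, not a documented Password Server file format.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def stored_secret(user: str, realm: str, password: str) -> bytes:
    """Assumed server-side record kept in place of the cleartext: H(user:realm:password)."""
    return md5(f"{user}:{realm}:{password}".encode("utf-8"))

def response_value(secret: bytes, nonce: str, cnonce: str, nc: str,
                   digest_uri: str, from_client: bool = True) -> str:
    """RFC 2831 response (client) or rspauth (server) for qop=auth, no authzid."""
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode("utf-8")).hex()
    a2 = ("AUTHENTICATE:" if from_client else ":") + digest_uri
    ha2 = md5(a2.encode("utf-8")).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode("utf-8")).hex()

# Sample values from the worked exchange in RFC 2831 section 4 (password "secret").
USER, REALM = "chris", "elwood.innosoft.com"
CHALLENGE = {"realm": REALM, "nonce": "OA6MG9tEQGm2hh", "qop": "auth"}

def client_reply(password: str, cnonce: str = "OA6MHXh6VqTrRk") -> dict:
    """Fields the client sends; the password itself is not among them."""
    uri, nc = "imap/" + REALM, "00000001"
    resp = response_value(stored_secret(USER, REALM, password),
                          CHALLENGE["nonce"], cnonce, nc, uri)
    return {"username": USER, "realm": REALM, "nonce": CHALLENGE["nonce"],
            "cnonce": cnonce, "nc": nc, "digest-uri": uri, "response": resp}

def server_check(secret: bytes, reply: dict) -> bool:
    """Recompute the response from the stored secret and compare in constant time."""
    if reply["nonce"] != CHALLENGE["nonce"]:  # only accept replies to our own challenge
        return False
    expected = response_value(secret, reply["nonce"], reply["cnonce"],
                              reply["nc"], reply["digest-uri"])
    return hmac.compare_digest(expected, reply["response"])

if __name__ == "__main__":
    db_entry = stored_secret(USER, REALM, "secret")  # written when the password is set
    print(client_reply("secret"))
    print("correct password accepted:", server_check(db_entry, client_reply("secret")))
    print("wrong password accepted:", server_check(db_entry, client_reply("wrong")))
```

The server verifies the reply using only the stored digest, which is why that record has to be protected as carefully as the password itself.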
MS-CHAPv2 Password Validation
MS-CHAPv2 is used by the VPN service of Mac OS X Server. This authentication method
encodes passwords when they are sent over the network, and stores them in a
scrambled form on the server. It offers good security during network transmission. A
malicious user might be able to obtain passwords by gaining access to the server and
decoding the password file, although doing this would be very difficult.
SMB-NT Password Validation
SMB-NT password validation is required by default for some Microsoft Windows
computers to connect to the Mac OS X Server for Windows services. It is sometimes
called Windows Secure Password Exchange (NT). It encodes passwords when they are
sent over the network, and stores them in a scrambled form on the server. A malicious
user might be able to obtain passwords by gaining access to the server and decoding
the password file, although doing this would be very difficult. If SMB-NT password
validation is disabled, each individual Windows client system must be configured to
work with the server. If you want Windows users to be able to easily share files on your
system, you should keep SMB-NT enabled.
SMB-LAN Manager Password Validation
SMB-LAN Manager password validation is required by default for some Microsoft
Windows systems to connect to the Mac OS X SMB Server. It is sometimes called
Windows Secure Password Exchange (LAN Manager). It encodes passwords when they
are sent over the network, and stores them in a scrambled form on the server. A
malicious user might be able to obtain passwords by gaining access to the server and
decoding the password file, although doing this would be very difficult. If SMB-LAN
Manager password validation is disabled, each individual Windows client system must
be configured to work with the server. If you want Windows users to be able to easily
share files on your system, you should keep SMB-LAN Manager enabled.
LL2352.Book Page 175 Friday, August 22, 2003 3:12 PM