Specifications

Chapter 1 Directory Service Concepts 23

Shared domains generally reside on servers because directory domains store extremely

important data, such as the data for authenticating users. Access to servers is usually

tightly restricted to protect the data on them. In addition, directory data must always

be available. Servers often have extra hardware features that enhance their reliability,

and servers can be connected to uninterruptible power sources.

Shared directories can also be used to isolate network resources from some users. For

example, graphic artists in a company might need to work on high-performance

computers, while copy center personnel can work on computers with standard

equipment. You could restrict access to the two kinds of computers by setting up user

records in two shared directory domains. One shared domain would contain records for

users who work on the high-performance computers. The other shared domain would

contain records for users who work on the standard computers. Rather than

configuring user access on each computer individually, you would use Workgroup

Manager to create all the user records in the two shared domains: Graphics and Repro.

When users log in to high-performance computers, user records in the Graphics

directory domain will be used to authenticate them. Likewise when users log in to

standard computers, user records in the Repro directory domain will be used to

authenticate them. A user whose record is in the Repro directory can’t log in to a high-

performance computer. A user whose record in the Graphics directory domain can’t log

in to a standard computer.

Repro