PADL Software Pty Ltd

PADL Software Pty Ltd

 

About PADL

Articles

Commercial Software

Contacting PADL

Documentation

Open Source Software

Partners

Purchasing

Research and Development

Technical Support


  

Darwin

PADL have contributed a number of enhancements to Darwin, the core of Apple's Mac OS X operating system. Please note that this software is offered purely on an "as-is" basis, and PADL offers no support for it. The software is licensed under the Apple Public Source License (APSL) unless indicated otherwise. All software is available from Apple's Darwin CVS repository, with the exception of NetInfo for Linux, which is available from us.

Pluggable Authentication Modules (PAM)

Pluggable Authentication Modules, or PAM, provide a mechanism-agnostic interface to operating system sign-on. The PAM API is defined in OSF DCE RFC 86.0.We ported the widely available Linux-PAM to Darwin, and developed several modules to interface PAM with Apple's incumbent authentication technologies, including Directory Services, Keychain, NetInfo, and Security Services. Note that we have tried to stay as close to the current FreeBSD sources of PAM due to Darwin's BSD heritage.

Please see NOTES.rtf for build instructions.

PADL are no longer actively maintaining this port. Apple have indicated that PAM is part of OS X 10.2.

The software is available in the following modules of Darwin CVS (you will need a Darwin account to access the links below):

  • pam: PAM library (no modules)
  • pam_modules: Darwin-specific PAM modules
  • pam_loginwindow: bridge between Apple's loginwindow and PAM
  • pam_wrappers: Objective-C wrapper around PAM framework required by above bridge
  • system_cmds: various tools that perform authentication have PAM support in the lukeh-PAM branch
  • network_cmds: various tools that perform authentication have PAM support in the lukeh-PAM branch

Open Directory

PADL contributed the X.500 naming code to NetInfo, as well as integrating Kerberos authentication (using the RPCSEC_GSS implementation from the University of Michigan). The Kerberos integration code was originally developed by Xedoc Software Development.

The binddnsdomain tool associates the current DNS domain (or, confusingly, an arbitrary distinguished name) with a NetInfo tag on the local machine. This is only useful if you are running the LDAP/NetInfo bridge.

PADL contributed an updated version of LDAPAgent, with support for LDAPv3, Active Directory, and RFC2307bis, to the lukeh-OpenLDAP branch of lookupd. A binary of this is available from here. This will not work OS X 10.2: LDAPAgent has been removed from the current Darwin sources and customers should use Apple's Directory Services, or the lightweight LLAgent for local directory access.

PADL wrote the initial implementation of LDAPAgent that shipped in Mac OS X Server 1.0 and Mac OS X 10.1 and below, as well as the LDAP/NetInfo bridge. More information on advanced configuration of the LDAP/NetInfo bridge is available here.

Home | Bugzilla

Copyright 1999-2010 PADL Software Pty Ltd ABN 16 085 895 585. All rights reserved.
PADL is a registered trademark of PADL Software Pty Ltd.