Apple Mac OS X Server (version 10.2.3 or later) User Manual

Page 66

Advertising
background image

66

Chapter 2

APOP Authentication Method

APOP is used by many email programs. It encodes passwords when they are sent over the
network, and stores them in a recoverable form on the server. It offers good security during
network transmission. A malicious user may be able to obtain passwords by gaining access to
the server and decoding the password file, although doing this would be very difficult. If
APOP is disabled, some e-mail programs will transmit passwords over the network in plain
text format, which is a significant security risk. If you use your server for POP e-mail, you
should probably enable APOP.

SMB-NT Manager Authentication Method

SMB-NT authentication is required by default for some Microsoft Windows computers to
connect to the Mac OS X Server for Windows services. It is sometimes called Windows
Secure Password Exchange (NT). It encodes passwords when they are sent over the network,
and stores them in a scrambled form on the server. A malicious user may be able to obtain
passwords by gaining access to the server and decoding the password file, although doing
this would be very difficult. If SMB-NT authentication is disabled, each individual Windows
client system must be configured to work with the server. If you want Windows users to be
able to easily share files on your system, you should enable SMB-NT authentication.

SMB-LAN Manager Authentication Method

SMB-LAN Manager authentication is required by default for some Microsoft Windows systems
to connect to the Mac OS X SMB Server. It is sometimes called Windows Secure Password
Exchange (LAN Manager). It encodes passwords when they are sent over the network, and
stores them in a scrambled form on the server. A malicious user may be able to obtain
passwords by gaining access to the server and decoding the password file, although doing
this would be very difficult. If SMB-LAN Manager authentication is disabled, each individual
Windows client system must be configured to work with the server. If you want Windows
users to be able to easily share files on your system, you should enable SMB-LAN Manager
authentication.

DHX Authentication Method

Diffie-Hellman Exchange (DHX) is used by Mac OS X Server file service and some other
Apple Filing Protocol (AFP) file servers. DHX strongly encodes passwords when they are sent
over the network. DHX is always enabled.

Mac OS 8.1–8.6 client computers must have their AppleShare Client software upgraded to
use DHX.

m Mac OS 8.1–8.6 client computers with a PowerPC processor should use AppleShare Client

version 3.8.8.

m Mac OS 8.1–8.5 clients with a 680X0 processor should use AppleShare Client version

3.8.7.

LL0395.Book Page 66 Wednesday, November 20, 2002 11:44 AM

Advertising
See also other documents in the category Apple Software: