1.2 Architectural Overview

Figure 1-2 illustrates the components included in DSfW and how they interact.

Figure 1-2 DSfW Components

DSfW is made up of the following technologies:

  • eDirectory: eDirectory 8.8 SP2 and later supports DSfW.

  • Kerberos Key Distribution Center (KDC): Provides Active Directory-style authentication.

    NOTE:This is a KDC specifically developed for DSfW. It is different from the Novell Kerberos KDC.

  • NMAS Extensions: Provide support for GSS-API authentication mechanisms, and for SAMSPM, to generate Active Directory-style credentials when a user’s Universal Password is changed.

  • Active Directory Provisioning Handler (ADPH /Directory System Agent): Provides agent-side support for the Active Directory information model, regardless of access protocol. It enforces Active Directory security and information models, allocates Security Identifier (SIDs) to users and groups, validates entries, and enables existing eDirectory users and groups to use Active Directory and RFC 2307 authorization.

  • Domain Services Daemon: Provides support for Windows RPCs, including Local Security Authority, Security Accounts Manager, and Net Logon.

  • NAD Virtualization Layer: Virtualizes the Active Directory information model within eDirectory so that LDAP requests are handled appropriately.

  • CIFS: Provides file services and transport for DCE RPC over SMB. The services are provided by the Samba software included with OES DSfW.

  • DNS: The DNS server has been modified to support GSS-TSIG (Kerberos secured dynamic updates).

  • NTP: The NTP server has been modified to support the secure signing of NTP responses.