The serviceAuthenticationMethod attribute determines the authentication method for a specific service. If this attribute is not set for the service, then the value of the authenticationMethod attribute is used.
If the enableShadowUpdate switch is set to true, the ldap_cachemgr daemon follows the same sequence to bind to the LDAP server: it uses the value of the serviceAuthenticationMethod attribute if that attribute is configured, and otherwise the value of the authenticationMethod attribute. The daemon does not use the none authentication method.
You can select authentication methods for the following services:
passwd-cmd – Used by the passwd command to change the login password and password attributes. See the passwd(1) man page for details.
keyserv – Used by the chkey and newkey utilities to create and change a user's Diffie-Hellman key pair. See the chkey(1) and newkey(1M) man pages for details.
pam_ldap – Used for authenticating users that use the pam_ldap service. pam_ldap supports account management.
The following example shows a section of a client profile in which the users use sasl/digest-MD5 to authenticate to the directory server but use an SSL session to change the password.
serviceAuthenticationMethod=pam_ldap:sasl/digest-MD5
serviceAuthenticationMethod=passwd-cmd:tls:simple
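The fallback rule described above can be checked against a profile with a short script. This is an added example, not part of the original documentation: the function names are hypothetical, the sample profile (including its authenticationMethod=simple default) is constructed, and the ";" separator for multiple methods is an assumption.

```python
# Added example: resolve the effective bind method(s) per service from
# client-profile lines written in the attribute=value form shown above.
KNOWN_SERVICES = ("passwd-cmd", "keyserv", "pam_ldap")

# Constructed sample profile (not taken from a real system).
SAMPLE_PROFILE = """\
authenticationMethod=simple
serviceAuthenticationMethod=pam_ldap:sasl/digest-MD5
serviceAuthenticationMethod=passwd-cmd:tls:simple
"""

def split_methods(value):
    # Assumption: several methods may be listed, separated by ";".
    return [m.strip() for m in value.split(";") if m.strip()]

def parse_profile(text):
    """Return (default_methods, {service: methods}) from profile text."""
    default, per_service = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        attr, value = (part.strip() for part in line.split("=", 1))
        if attr.lower() == "authenticationmethod":
            default = split_methods(value)
        elif attr.lower() == "serviceauthenticationmethod":
            # Split on the first colon only: a method may contain one ("tls:simple").
            service, _, methods = value.partition(":")
            per_service[service.strip()] = split_methods(methods)
    return default, per_service

def effective_methods(text, service, allow_none=True):
    """Per-service value if set, otherwise the authenticationMethod value."""
    default, per_service = parse_profile(text)
    methods = per_service.get(service) or default
    if not allow_none:  # ldap_cachemgr case: the none method is never used
        methods = [m for m in methods if m.lower() != "none"]
    return methods

def sends_cleartext_password(method):
    """A simple bind without TLS puts the password on the wire unencrypted."""
    return method.lower() == "simple"

def audit(text):
    """Map each known service to [(method, cleartext_flag), ...]."""
    return {s: [(m, sends_cleartext_password(m)) for m in effective_methods(text, s)]
            for s in KNOWN_SERVICES}

if __name__ == "__main__":
    for svc, result in audit(SAMPLE_PROFILE).items():
        print(svc, result)
```

In the constructed profile, keyserv has no per-service entry, so it inherits simple from authenticationMethod and is the only service flagged as sending the password without TLS.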