Authentication Services uses eDirectory for functions such as user authentication. The Platform Services Process, together with the System Intercept, provides Authentication Services on a platform.
z/OS* and UNIX systems can redirect password verification and password changes through Authentication Services to eDirectory. An IBM* OS/400* system can authenticate users locally, but uses Authentication Services to replicate passwords in its password store from the passwords of objects in eDirectory that correspond to its users. z/OS and UNIX systems can supplement password redirection with password replication for fail-safe operation.
The Identity Manager Fan-Out driver uses the system intercept on Windows* and NetWare® systems to capture password change information and store it in eDirectory. Password change information from eDirectory is delivered to authorized systems as provisioning events, replicating password information from eDirectory.
You can use the platform configuration file to specify which users use Authentication Services and which ones authenticate locally. The driver has a built-in list of special users that, by default, are excluded from Authentication Services. For more information about the platform configuration file, see Section 3.0, The Platform Configuration File. For more information about the standard exclude list, see Section 1.10, Standard Exclude List.