Overview#In eDirectory The different types of authentication Methods are handled through so-called login methods.
Each login method is defined once per eDirectory tree and the definition is stored in the security container. Users and other objects can be assigned various login methods and these then define how that user can authenticate to eDirectory.
The simplest login method is the one called "NDS password". This login method just sends the password as the user typed it to the NMAS server using an encrypted channel. The NMAS server then does the password verification and if the password is OK, it accepts the user login.
Note that the password verification on the server side is not necessarily done with the NDS password. Other passwords that exist for the user could be used as well. Therefore, the "NDS password" login method could better have been simply called "Password". This behavior is slightly different from an NDS login without NMAS. In fact, without NMAS, the password is hashed by the client before being sent to the server. So the server does not know what password the client used. It can only verify if it was the correct one. This distinction is very important when it comes to Universal Password.