Specifies the form of authentication information held by the Directory; describes how authentication information may be obtained from the Directory; states the assumptions made about how authentication information is formed and placed in the Directory; a