Apple Mac OS manual How iChat Users Are Authenticated


Apple uses the jabberd software, which implements the Jabber protocol. Jabber is a trademarked term given to this XMPP protocol by the Jabber Software Foundation.

iChat provides peer file transfer between users who can’t establish direct connections to a network because intervening firewalls block such connections. When firewalls intervene, iChat acts as a file-transfer proxy, using the Jabber Proxy65 module.

To access messaging and file transfer services, users connect to iChat from various compatible instant messaging (IM) applications. When connected, users can receive information about the status of other subscribed users, exchange messages with users or groups (via chat rooms), or exchange files with users.

Additionally, users can send messages to offline users. These messages are held by iChat and delivered when offline users connect to the server.

iChat also federates, or unites, with other iChat servers or any XMPP-compliant service (such as Google Talk) using the server-to-server (S2S) capabilities of XMPP. This allows users with accounts on iChat servers to exchange text messages or files with users whose accounts are maintained outside their local network infrastructure, as long as those servers are accessible via the Internet.

To communicate with outside servers, iChat uses a program called S2S, part of the suite of programs that make up the Jabber v2.0 server, to establish mutual connections with them.

iChat can be configured to require that S2S sessions be encrypted and to block S2S sessions with servers that do not support encryption. For encrypted sessions to be established, both servers must possess public key certificates, either self-signed or issued by a recognized Certificate Authority (CA).
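
The "require encryption" policy described above can be pictured as a decision over the stream features a peer server advertises. The following is an added example, not code from Apple or jabberd: the function names, the decision labels and the sample stanzas are constructed for illustration, and it assumes TLS is negotiated whenever the peer offers STARTTLS.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"


def starttls_support(features_xml):
    """Classify a peer's <stream:features/> as 'required', 'offered' or 'absent'."""
    # XMPP streams may not carry DTDs, comments or processing instructions
    # (RFC 6120, section 11.1), so refuse them before parsing untrusted input.
    if "<!" in features_xml or "<?" in features_xml:
        raise ValueError("restricted XML construct in stream features")
    root = ET.fromstring(features_xml)
    if root.tag != "{%s}features" % NS_STREAM:
        raise ValueError("not a stream:features element")
    tls = root.find("{%s}starttls" % NS_TLS)
    if tls is None:
        return "absent"
    if tls.find("{%s}required" % NS_TLS) is not None:
        return "required"
    return "offered"


def s2s_decision(features_xml, require_encryption):
    """Decide what the local server does with this peer (hypothetical helper)."""
    if starttls_support(features_xml) == "absent":
        # Peer cannot encrypt: blocked when encryption is required.
        return "block" if require_encryption else "allow-plaintext"
    # Assumption: TLS is negotiated whenever the peer offers it.
    return "negotiate-tls"


# Constructed samples. In a live stream the 'stream' prefix is declared on the
# stream header; it is declared here so each sample parses on its own.
PEER_TLS = ("<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
            "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
            "</stream:features>")
PEER_PLAIN = ("<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
              "<dialback xmlns='urn:xmpp:features:dialback'/>"
              "</stream:features>")

if __name__ == "__main__":
    for name, xml in (("tls-peer", PEER_TLS), ("plain-peer", PEER_PLAIN)):
        for policy in (True, False):
            print(name, "require_encryption=%s" % policy, "->", s2s_decision(xml, policy))
```

A peer that advertises no STARTTLS feature is the case the encryption requirement blocks; with the requirement off, the same peer is accepted in plaintext.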

Mac OS X Server includes a preinstalled, default, self-signed certificate, and accepts self-signed certificates from other servers. Depending on the XMPP software vendor at the other end of the S2S connection, a certificate from a trusted authority might need to be installed on the server before S2S sessions can be established.

For more information about increasing server security, see Mac OS X Server Security Configuration. Certificate information can also be found in Server Administration.

How iChat Users Are Authenticated

To use iChat on a specific server, users must be defined in directories that the server uses to authenticate users. In addition, iChat uses Secure Sockets Layer (SSL) to protect the privacy of users while they chat. The following describes the process of iChat user authentication:

Chapter 1 Understanding iChat Service
