Apple Mac OS manual Securing S2S Connections, Using Certificates to Secure S2S Communication


Using Server Admin, you can take advantage of additional options for securing S2S communications. These options include filtering domains where servers are matched against a given list.

To enable or disable S2S communication:

1. Open Server Admin and connect to the server.

2. Click the triangle to the left of the server. The list of services appears.

3. From the expanded Servers list, select iChat.

4. Click Settings, then click General.

5. Select or deselect “Enable XMPP server-to-server federation.”

6. Select the “Require secure server-to-server federation” checkbox.

This restricts S2S communication so that iChat connects only with servers that support encrypted connections through SSL/TLS. Servers that do not support TLS cannot communicate with your iChat server.

This option requires a Secure Sockets Layer (SSL) certificate to be installed, which is used to secure the S2S federation. For more information, see “Securing S2S Connections” on page 28.

7. Set which domains are included in the S2S federation.

Select “Allow federation with all domains” to permit unrestricted S2S communication.

Select “Allow federation with the following domains” to restrict S2S communication to listed servers.

You can add or remove domains using the Add (+) or Delete (–) buttons below the list.

8. Click Save.
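One way to verify the result of steps 6 and 7 from outside Server Admin, as an added example that is not part of Apple's manual or the iChat server's own code: it reads the XMPP stream features a server sends on the S2S port (5269) and reports whether STARTTLS is required, offered, or absent. The `example.com` names and sample replies are constructed, and the exact-match domain comparison in `federation_allowed` is an assumption about how the domain list behaves.

```python
import socket
from xml.etree.ElementTree import XMLPullParser

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample replies (example.com names are placeholders).
HEADER = (b"<?xml version='1.0'?><stream:stream xmlns='jabber:server' "
          b"xmlns:stream='http://etherx.jabber.org/streams' "
          b"from='chat.example.com' version='1.0'>")
SAMPLE_REQUIRED = HEADER + (b"<stream:features><starttls xmlns="
    b"'urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features>")
SAMPLE_PLAIN = HEADER + (b"<stream:features><dialback xmlns="
    b"'urn:xmpp:features:dialback'/></stream:features>")

def tls_policy(stream_bytes):
    """Return 'required', 'offered', 'absent', or None if no features seen yet."""
    parser = XMLPullParser(events=("end",))
    parser.feed(stream_bytes)  # the stream root never closes, so parse incrementally
    for _event, elem in parser.read_events():
        if elem.tag == f"{{{NS_STREAM}}}features":
            starttls = elem.find(f"{{{NS_TLS}}}starttls")
            if starttls is None:
                return "absent"
            required = starttls.find(f"{{{NS_TLS}}}required") is not None
            return "required" if required else "offered"
    return None

def federation_allowed(peer, policy, require_secure=True, allowed_domains=None):
    """Model of steps 6-7. allowed_domains=None means 'all domains'.
    Exact, case-insensitive matching is an assumption, not documented behavior."""
    if require_secure and policy not in ("required", "offered"):
        return False
    return allowed_domains is None or peer.lower() in {d.lower() for d in allowed_domains}

def probe(domain, host, port=5269, timeout=5.0):
    """Open an S2S stream to a server you administer and report its TLS policy."""
    header = (f"<?xml version='1.0'?><stream:stream xmlns='jabber:server' "
              f"xmlns:stream='{NS_STREAM}' to='{domain}' version='1.0'>")
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(header.encode())
        while (policy := tls_policy(buf)) is None:
            chunk = sock.recv(4096)
            if not chunk:
                return "closed"  # peer hung up before sending features
            buf += chunk
    return policy
```

After saving the settings, `probe("chat.example.com", "chat.example.com")` run against your own server should no longer return `"absent"` when secure federation is required.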

Securing S2S Connections

Using Server Admin, you can take advantage of additional security options for S2S communication. These options include using SSL certificates and filtering domains where servers are matched to those on a given list.

To learn more, see the following topics:

“Using Certificates to Secure S2S Communication”

“Creating an Approved Federation Domain List”

“Integrating with Directory Services”

“Setting the iChat Authentication Method”

Using Certificates to Secure S2S Communication

Using Server Admin, you can secure S2S communication with certificates.

Chapter 3 Setting Up Advanced iChat Service Configurations

Mac OS X Server 019-0939/2007-09-01