Apple Mac OS manual Integrating with Directory Services, Setting the iChat Authentication Method


5. Select “Allow federation with the following domains” to restrict S2S communication to the servers listed.

You can add or remove domains using the Add (+) or Delete (–) buttons below the list.

Entries can be complete host names or domains, and the list can mix both.

The server software does the rule-matching to see if these domains can interact. Any domain or host not in the approved list cannot communicate with your iChat server.

6. Click Save.
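The approved-list behavior described in step 5, as an added Python sketch that is not Apple's code or the server's actual implementation. The page does not document the matching rules, so the rule used here (an entry matches that exact name and any subdomain of it, compared case-insensitively on label boundaries) is an assumption, and `federation_allowed` and the sample names are hypothetical.

```python
# Added illustration: default-deny allow-list matching for S2S peers.
# Assumption: an entry matches that exact name and any subdomain of it.


def normalize(name):
    """Lower-case a DNS name and drop surrounding whitespace and the root dot."""
    return name.strip().lower().rstrip(".")


def is_valid_name(name):
    """Reject empty names and names with empty or overlong labels."""
    if not name or len(name) > 253:
        return False
    return all(0 < len(label) <= 63 for label in name.split("."))


def federation_allowed(peer, approved):
    """Return True only if peer equals an approved entry or is a subdomain of one."""
    peer = normalize(peer)
    if not is_valid_name(peer):
        return False  # malformed names are denied
    for entry in map(normalize, approved):
        if not is_valid_name(entry):
            continue  # ignore blank or malformed list entries
        # Compare on label boundaries so "notexample.com" does not match "example.com".
        if peer == entry or peer.endswith("." + entry):
            return True
    return False  # default deny: anything not listed cannot communicate


# Constructed sample list mixing a host name and a domain.
APPROVED = ["chat.partner.example", "example.com"]

if __name__ == "__main__":
    for peer in ["example.com", "im.example.com", "Chat.Partner.Example.",
                 "partner.example", "notexample.com", "example.com.other.test"]:
        verdict = "allow" if federation_allowed(peer, APPROVED) else "deny"
        print(peer, "->", verdict)
```

Listing a host name such as `chat.partner.example` does not approve its parent domain, and a plain string suffix test without the leading dot would wrongly approve `notexample.com`.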

Integrating with Directory Services

As with other services, iChat authentication is based on Open Directory or any other Lightweight Directory Access Protocol (LDAP) server bound to the iChat service host.

iChat accesses user accounts through directory services and cannot directly access the LDAP server. You can also bind your server to other LDAP servers, enabling users on the other LDAP servers to authenticate with your iChat server.

For more information, see Open Directory Administration.

Setting the iChat Authentication Method

iChat supports three methods of authentication, with Kerberos authentication being the most secure.

Administrators must use Server Admin to configure an Open Directory master (with Kerberos enabled) to allow Kerberos authentication. Otherwise, the server can be configured to use the Kerberos Domain Controller (KDC) on another host. However, the Kerberos realm hosted by the KDC must match the realm served by the iChat server.

To select an authentication method:

1. Open Server Admin and connect to the server.

2. Click the triangle to the left of the server. The list of services appears.

3. From the expanded Servers list, select iChat.

4. Click Settings, then click General.

5. Choose the method of authentication from the Authentication pop-up menu.

• Choose Standard if you want iChat to only accept password authentication.

• Choose Kerberos if you want iChat to only accept Kerberos authentication.

• Choose Any Method if you want iChat to accept password and Kerberos authentication.

6. Click Save.

Chapter 3 Setting Up Advanced iChat Service Configurations

Mac OS X Server 019-0939/2007-09-01