User Management, Single Signon, User Accounts | Apple 10.3 specification

32

The following services on Mac OS X Server support Kerberos authentication: AFP, mail, FTP, SSH, and login window.

•Storing passwords in user accounts. This approach may be useful when migrating user accounts from earlier server versions. However, this approach may not support clients that require certain network-secure authentication protocols, such as APOP.

•Non-Apple LDAPv3 authentication. This approach is available for environments that already have an LDAPv3 server set up to authenticate users.

Single Signon

When a Mac OS X user is authenticated using Kerberos, the user does not have to enter a user name and password every time he or she uses a Kerberized service.

The user enters the Kerberos name and password at login, but does not need to reenter it when using Apple file service, mail service, or other services that support Kerberos authentication.

Discovery of Network Services

Information about file servers and other services tends to change much more frequently than user information, so it isn’t typically stored in directories. Instead, information about these services is discovered as the need arises.

Open Directory can discover network services that make their existence and whereabouts known. Services make themselves known by means of standard protocols. Open Directory supports the following service discovery protocols:

•Rendezvous, the Apple protocol that uses multicast DNS

•SMB, the protocol used by Microsoft Windows

•AppleTalk, the legacy Mac OS protocol for file services

•SLP, an open standard for discovering file and print services

User Management

Mac OS X Server helps you manage access to network resources, files, and services by Macintosh, Windows, UNIX, and Linux computer users.

The user management guide contains a full description of the server’s user management capabilities. Some highlights follow.

User Accounts

User accounts contain the information needed to prove a user’s identity: user name, password, and user ID. Other information in a user’s account is needed by various services—to determine what the user is authorized to do and perhaps to personalize the user’s environment.

Chapter 2 Inside Mac OS X Server

Image 32

Apple 10.3 manual User Management, Single Signon, Discovery of Network Services, User Accounts

Contents

Mac OS X Server Getting Started Apple Computer, Inc Apple Computer, Inc. All rights reserved Contents Server Administration Using the Administration ToolsComputers You Can Use to Administer a Server Setting Up an Administrator Computer Installation and Setup Overview Installing Server SoftwareLocal Installation From the Server Install Discs Remote Installation From the Server Install Discs Appendix a Appendix B Glossary Index Page What’s New in Version Superior Performance and Scalability Improved Setup, Management, and Monitoring Enhanced Network and Directory Services Improved Windows Integration New Workgroup and Desktop Management Features Part II Installation and Initial SetupWhat’s Included in This Guide Part I Introduction to Mac OS X Server Getting Additional Information This guide Tells you how to Preface About This Guide Page Part I Introduction to Mac OS X Server Page 1Mac OS X Server in Action Mac OS X Server addresses the needs of many environments Enterprise Organizations Workgroup servers Higher-Education Facilities Labs and Classrooms Directory server Small and Medium Businesses VPN Computational Clustering Applications Creative Businesses Web Service Providers Mac OS X Server in Action Core System Services 2Inside Mac OS X Server Using Apple Directories Open Directory Search Policies Using Other DirectoriesAuthentication Discovery of Network Services User ManagementSingle Signon User Accounts Group Accounts Home DirectoriesMacintosh User Management Preference Management System Image Services NetBootWindows User Management Mobile Accounts File Services Network Install Sharing Apple File ServiceWindows Services Network File System NFS Service File Transfer Protocol FTP Print Service Web Service Mail Service Network Services Dhcp Firewall NAT Media Streaming and Broadcasting IP Failover Application Server Support Apache Tomcat WebObjects Integrating Into Existing EnvironmentsJBoss Server Administration High AvailabilityPage 3Server Administration Using the Administration Tools Computers You Can Use to Administer a Server Setting Up an Administrator Computer Using a Non-Mac OS X Computer for Administration Server Assistant InstallerDirectory Access Opening and Authenticating in Workgroup Manager Workgroup Manager Using Workgroup Manager Server Administration Server Administration Using Server Admin Server AdminOpening and Authenticating in Server Admin Server Administration Server Administration System Image Management Server Monitor Media Streaming Management Apple Remote Desktop Working With Version 10.2 Servers From Version 10.3 Servers Command-Line ToolsMacintosh Manager Part II Installation and Initial Setup Page 4Installation and Setup Overview Planning Installing Server Software Local Installation From the Server Install Discs Remote Installation From the Server Install Discs Automating Server Installation With a Disk Image Initial Server Setup Setting Up Servers Interactively Welcome Automating Server Setup Using Setup Data Stored in a File Using Setup Data Stored in a Directory Then plug the iPod into the next server Using Encryption Setting Up Services Keeping Current Set Up a Planning Team 5Before You Begin Identify the Servers You’ll Need to Set Up Determine Services to Host on Each Server Define a Migration Strategy Define an Integration Strategy Define Physical Infrastructure Requirements Define Server Setup Infrastructure Requirements Collect and Organize Information Determine the Installation and Setup Strategy to UseMake Sure Required Server Hardware Is Available 6Installing Server Software Information You Need Upgrading From Version 10.1 or Preparing Disks for Installing Mac OS X Server To install server software locally Identifying Remote Servers When Installing Mac OS X ServerUsing Installer to Install Locally From the Install Discs To install to a remote server using the install discs Installing Server Software To use installer to install server software Automating Server Software Installation With a Disk ImageTo install server software on your computer Volumes/Mount Volumes/Mount1 Volumes/Mount02 Ssh root@ip address Installing Optional Server Software 7Initial Server Setup Using Setup Data Saved in a File Saving Setup DataHow a Server Searches for Saved Setup Data Initial Server Setup Using Setup Data Saved in a Directory Keeping Backup Copies of Saved Setup Data Specifying Initial Open Directory Usage Not Changing Directory Usage When Upgrading Setting Up a Server as a Standalone Server Setting Up a Server to Host an Open Directory Master Setting Up a Server to Connect to a Directory System To set up a local server interactively Using Interactive Server SetupSetting Up a Local Server Interactively To set up a remote server interactively Postponing Local Server Setups Following InstallationSetting Up a Remote Server Interactively Setting Up Multiple Remote Servers Interactively in a Batch To set up multiple remote servers interactively in a batch Initial Server Setup Using Automatic Server Setup Setting Up Servers Automatically Using Data Saved in a File To save and apply setup data in a file 102 To save and apply setup data in a directory record 104 105 Determining the Status of Setups Setting Up Open Directory Setting Up User Management Setting Up File ServicesTo set up a user account To set up file sharing Setting Up Print Service Setting Up Web ServiceTo set up a shared printer queue To turn on web service if it’s not running Setting Up Mail Service Setting Up Network ServicesSetting Up System Image Services Setting Up Media Streaming and Broadcasting Setting Up an Application Server To turn on JBoss if it’s not running Mac OS X Server Worksheet Appendix Disk format Computer name 114 Time zone Network interface data for this server is in the table below Appendix a Mac OS X Server Worksheet 118 BSetup Example Mac OS X Server in a Small Business Set up the server and the master directory How to Set Up the ServerSet up the network 121 Set up the firewall Set up DNS service Set up Dhcp service Set up NAT service Set up VPN service Set up productivity services Create user accounts and home directories Configure client computers Glossary Glossary Directory node See directory domain 129 Long name See user name Name server See DNS Domain Name System Realm See WebDAV realm Search path See search policy 133 134 135 Page Index 138 139