Apple 10.6 manual System Overview and Supported Standards

A standards-based directory services architecture offers centralized management of network resources using any LDAP server–even proprietary servers such as Microsoft Active Directory. The open source UNIX foundation makes it easy to port and deploy existing tools to Mac OS X Server.

The following standards-based technologies power Mac OS X Server:

ÂÂ Kerberos: Mac OS X Server integrates an authentication authority based on MIT’s Kerberos technology (RFC 1964) to provide users with single sign-on access to secure network resources.

Using strong Kerberos authentication, single sign-on maximizes the security of network resources while providing users with easier access to a broad range of Kerberos-enabled network services.

For services that have not yet been Kerberized, the integrated SASL service negotiates the strongest possible authentication protocol.

ÂÂ OpenLDAP: Mac OS X Server includes a robust LDAP directory server and a secure Kerberos password server to provide directory and authentication services to Mac, Windows, and Linux clients.

Apple has built the Open Directory server around OpenLDAP, the most widely deployed open source LDAP server, so it can deliver directory services for both Mac-only and mixed-platform environments.

LDAP provides a common language for directory access, enabling administrators to consolidate information from different platforms and define one namespace for all network resources. This means there is a single directory for all Mac, Windows, and Linux systems on the network.

ÂÂ RADIUS: Remote Authentication Dial-In User Service (RADIUS) is an authentication, authorization, and accounting protocol used by the 802.1x security standard for controlling network access by clients in mobile or fixed configurations. Mac OS X Server uses RADIUS to integrate with AirPort Base Stations serving as a central MAC address filter database. By configuring RADIUS and Open Directory, you can control who has access to your wireless network.

Mac OS X Server uses the FreeRADIUS Server Project. FreeRADIUS supports the requirements of a RADIUS server, shipping with support for LDAP, MySQL, PostgreSQL, Oracle databases, EAP, EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP, and Cisco LEAP subtypes. Mac OS X Server supports proxying, with failover and load balancing.

ÂÂ Mail Service: Mac OS X Server uses robust technologies from the open source community to deliver comprehensive, easy-to-use mail server solutions. Full support for Internet mail protocols—Internet Message Access Protocol (IMAP), Post Office Protocol (POP), and Simple Mail Transfer Protocol (SMTP)—ensures compatibility with standards-based mail clients on Mac, Windows, and Linux systems.