12

Apple uses the jabberd software, which implements the Jabber protocol. Jabber is a trademarked term given to this XMPP protocol by the Jabber Software Foundation.

iChat provides peer-file transfer between users that can’t establish direct connections to a network because of intervening firewalls that block such connections. In the case of firewalls, iChat acts as a file-transfer proxy, using the Jabber Proxy65 module.

To access messaging and file transfer services, users connect to iChat from various compatible instant messaging (IM) applications. When connected, users can receive information about the status of other subscribed users, exchange messages with users or groups (via chat rooms), or exchange files with users.

Additionally, users can send messages to offline users. These messages are held by iChat and delivered when offline users connect to the server.

iChat also federates, or unites with other iChat servers or any XMPP-compliant service (such as Google Talk) using the server-to-server (S2S) capabilities of XMPP. This allows users with accounts on iChat servers to exchange text messages or files with users whose accounts are maintained outside their local network infrastructure, as long as those servers are accessible via the Internet.

To communicate with outside servers, iChat uses a program called S2S, part of the suite of programs that comprise the Jabber v2.0 server, to establish mutual connections with them.

iChat can be configured to require that S2S sessions be encrypted and to block S2S sessions with servers that do not support encryption. For encrypted sessions to be established, both servers must possess public key certificates, either self-signed or issued by a recognized Certificate Authority (CA).

Mac OS X Server includes a preinstalled, default, self-signed certificate, and accepts self- signed certificates from other servers. Depending on the XMPP software vendor at the other end of the S2S connection, a certificate from a trusted authority might need to be installed on the server before S2S sessions can be established.

For more information about increasing server security, see Mac OS X Server Security Configuration. Certificate information can also be found in Server Administration.

How iChat Users Are Authenticated

To use iChat on a specific server, users must be defined in directories that the server uses to authenticate users. In addition, iChat uses Secure Socket Layer (SSL) to protect the privacy of users while they chat. The following describes the process of iChat user authentication:

Chapter 1 Understanding iChat Service

Page 11 Page 13
Page 12
Image 12
Apple Mac OS manual How iChat Users Are Authenticated
Page 11 Page 13
Top Page Image Contents