30

5Select “Allow federation with the following domains” to restrict S2S communication to those servers listed.

You can add or remove domains using the Add (+) or Delete (–) buttons below the list.

The entries can be complete host names or domains (this can be a mix of servers and domains).

The server software does the rule-matching to see if these domains can interact. Any domain or host not in the approved list cannot communicate with your iChat server.

6Click Save.

Integrating with Directory Services

As with other services, iChat authentication is based on Open Directory or any other Lightweight Directory Access Protocol (LDAP) server bound to the iChat service host.

iChat accesses user accounts through directory services and cannot directly access the LDAP server. You can also bind your server to other LDAP servers, enabling users on the other LDAP servers to authenticate with your iChat server.

For more information, see Open Directory Administration.

Setting the iChat Authentication Method

iChat supports three methods of authentication, with Kerberos authentication being the most secure.

Administrators must use Server Admin to configure an Open Directory master (with Kerberos enabled) to allow Kerberos authentication. Otherwise, the server can be configured to use the Kerberos Domain Controller (KDC) on another host. However, the Kerberos realm hosted by the KDC must match the realm served by the iChat server.

To select an authentication method:

1Open Server Admin and connect to the server.

2Click the triangle to the left of the server. The list of services appears.

3From the expanded Servers list, select iChat.

4Click Settings, then click General.

5Choose the method of authentication from the Authentication pop-up menu.

ÂChoose Standard if you want iChat to only accept password authentication.

ÂChoose Kerberos if you want iChat to only accept Kerberos authentication.

ÂChoose Any Method if you want iChat to accept password and Kerberos authentication.

6Click Save.

Chapter 3 Setting Up Advanced iChat Service Configurations

Page 30
Image 30
Apple Mac OS manual Integrating with Directory Services, Setting the iChat Authentication Method