30
5Select “Allow federation with the following domains” to restrict S2S communication to those servers listed.
You can add or remove domains using the Add (+) or Delete
The entries can be complete host names or domains (this can be a mix of servers and domains).
The server software does the
6Click Save.
Integrating with Directory Services
As with other services, iChat authentication is based on Open Directory or any other Lightweight Directory Access Protocol (LDAP) server bound to the iChat service host.
iChat accesses user accounts through directory services and cannot directly access the LDAP server. You can also bind your server to other LDAP servers, enabling users on the other LDAP servers to authenticate with your iChat server.
For more information, see Open Directory Administration.
Setting the iChat Authentication Method
iChat supports three methods of authentication, with Kerberos authentication being the most secure.
Administrators must use Server Admin to configure an Open Directory master (with Kerberos enabled) to allow Kerberos authentication. Otherwise, the server can be configured to use the Kerberos Domain Controller (KDC) on another host. However, the Kerberos realm hosted by the KDC must match the realm served by the iChat server.
To select an authentication method:
1Open Server Admin and connect to the server.
2Click the triangle to the left of the server. The list of services appears.
3From the expanded Servers list, select iChat.
4Click Settings, then click General.
5Choose the method of authentication from the Authentication
ÂChoose Standard if you want iChat to only accept password authentication.
ÂChoose Kerberos if you want iChat to only accept Kerberos authentication.
ÂChoose Any Method if you want iChat to accept password and Kerberos authentication.
6Click Save.
Chapter 3 Setting Up Advanced iChat Service Configurations
