Hardware manual

Preface
About This Supplement
User Access Management
Numerous new features in version 10.4 enhance your ability to both facilitate and
manage user access to services:
• Access Control Lists (ACLs). ACLs give you a way to craft share point, folder, and file
access permissions with a high degree of precision. A wide range of permissions can
be assigned to individual users and to groups, which can be nested. In addition, you
can use inheritance to propagate permissions through a file system hierarchy.
• Nested groups. A nested group is a group that’s a member of another group.
Nesting groups lets you manage groups of users at both a global level (when you
want to influence all members of a group) and at a smaller, more focused level (when
you want to influence only certain members of a group).
• Unified locking. Mac OS X Server unifies file locking across AFP and SMB/CIFS
protocols. This feature lets users working on multiple platforms simultaneously share
files without worrying about file corruption.
• Service access. You can specify which users and groups can use services hosted by a
server.
• Pervasive Kerberos support. The following services on Mac OS X Server now
support Kerberos authentication: AFP, mail, File Transfer Protocol (FTP), Secure Shell
(SSH), login window, LDAPv3, Virtual Private Network (VPN), screen saver, and Apache
(via the SPNEGO protocol).
• Network browsing. You can set up managed network views, which are custom
views that users see when they select the Network icon in the sidebar of a Finder
window. A managed network view is one or more network neighborhoods, which
appear in the Finder as folders. Each folder contains a list of resources that an
administrator has associated with the view. Managed network views offer a
meaningful way to present network resources. You can create multiple views for
different client computers. And because the views are stored using Open Directory,
a computer’s network view is automatically available when a user logs in.
• Site-to-site VPN. Site-to-site VPN connects two networks. It offers a secure
connection that’s easy to establish when it’s necessary to set up a network at another
site, as when a business expands. Site-to-site VPN makes both networks appear as
one to users working at either site.
• Mobility. Users with portable computers can use trusted binding to make sure that
servers accessed as they move around are trustworthy. Trusted binding offers a way
for a client computer to authenticate to an LDAP server and for the LDAP server to
authenticate to the client.
• Trusted directory binding. Trusted directory binding, also called authenticated
directory binding, provides an authenticated connection between a client computer
and an LDAP directory on Mac OS X Server. Because the client computer
authenticates the LDAP server before connecting to it, a malicious user can’t control
the client computer by interposing a counterfeit, unauthenticated LDAP server.