Specifications
Chapter 3 Open Directory Authentication 47
Multiplatform Authentication
Kerberos is available on every major platform, including Mac OS X, Windows, Linux,
and other UNIX variants.
Centralized Authentication
Kerberos provides a central authentication authority for the network. All Kerberos-
enabled services and clients use this central authority. Administrators can centrally
audit and control authentication policies and operations.
About Kerberized Services
Kerberos can authenticate users for the following services of Mac OS X Server:
Login window Â
Mail service Â
AFP le service Â
FTP le service Â
SMB le service (as a member of an Active Directory Kerberos realm) Â
VPN service Â
Apache web service Â
LDAP directory service Â
iChat service Â
Print service Â
NFS le service Â
Xgrid service Â
These services have been Kerberized whether they are running or not. Only services
that are Kerberized can use Kerberos to authenticate a user. Mac OS X Server includes
command-line tools for Kerberizing other services that are compatible with MIT-based
Kerberos.
Conguring Services for Kerberos After Upgrading
After upgrading to Mac OS X Server v10.6, you may need to congure some services to
use single sign-on Kerberos authentication. These services either weren’t congured to
use Kerberos or weren’t included with the earlier version of Mac OS X Server.
If this condition exists, a message about it appears when you connect to the server in
Server Admin. The message appears in the Overview pane when you select the server
(not a service) in the Servers list.