Specifications

The server can also support single sign-on Kerberos authentication for Kerberized
services of other servers on the network. The other servers must be set up to join the
Open Directory Kerberos realm.
For more information, see “Delegating Authority to Join an Open Directory Kerberos
Realm” on page 100, and “Joining a Server to a Kerberos Realm” on page 102.
Important: An Open Directory master requires DNS to be properly configured so it can
provide Kerberos and single sign-on authentication. In addition:
• DNS service must be configured to resolve the fully qualified DNS names of all
  servers (including the Open Directory master) to their IP addresses and to provide
  the corresponding reverse lookups. For more information about setting up DNS
  service, see Network Services Administration.
• The Open Directory master server’s Network preferences must be configured to use
  the DNS server that resolves the server’s name. (If the Open Directory master server
  provides its own DNS service, its Network preferences must be configured to use
  itself as a DNS server.)
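The forward and reverse lookup requirement above can be checked before setting up the master. The following script is an added example, not part of the original guide; the host names and addresses in it are constructed sample data, and the function names are hypothetical.

```python
import socket
import sys

def check_dns(fqdn, forward=None, reverse=None):
    """Return a list of DNS problems for one server name (empty list means OK)."""
    # Default to the system resolver (IPv4); stand-in lookups can be passed instead.
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    problems = []
    if "." not in fqdn.rstrip("."):
        problems.append(f"{fqdn}: not a fully qualified DNS name")
    try:
        addresses = forward(fqdn)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return problems + [f"{fqdn}: forward lookup failed ({exc})"]
    for ip in addresses:
        try:
            ptr = reverse(ip)
        except OSError as exc:
            problems.append(f"{ip}: reverse lookup failed ({exc})")
            continue
        # The reverse record must lead back to the same fully qualified name.
        if ptr.rstrip(".").lower() != fqdn.rstrip(".").lower():
            problems.append(f"{ip}: reverse lookup returns {ptr}, expected {fqdn}")
    return problems

# Constructed sample records (hypothetical names, documentation addresses).
SAMPLE_A = {"odm.example.com": ["192.0.2.10"], "files.example.com": ["192.0.2.20"],
            "mail.example.com": ["192.0.2.30"]}
SAMPLE_PTR = {"192.0.2.10": "odm.example.com", "192.0.2.20": "oldfiles.example.com"}

def sample_forward(name):
    if name not in SAMPLE_A:
        raise OSError("no address record")
    return SAMPLE_A[name]

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise OSError("no PTR record")
    return SAMPLE_PTR[ip]

if __name__ == "__main__":
    # With host names as arguments, query real DNS; otherwise use the sample records.
    names = sys.argv[1:]
    lookups = (None, None) if names else (sample_forward, sample_reverse)
    for name in names or SAMPLE_A:
        issues = check_dns(name, *lookups)
        print(name, "OK" if not issues else "; ".join(issues))
```

Run it on the Open Directory master itself with the fully qualified name of every server that will join the realm, so the lookups go through the DNS server the master is configured to use.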
Starting Kerberos After Setting Up an Open Directory Master
If Kerberos doesn’t start when you set up an Open Directory master, you can use
Server Admin to start it manually, but first you must fix the problem that prevented
Kerberos from starting. Usually the problem is that DNS isn’t correctly configured or
isn’t running.
Note: After you manually start Kerberos, users whose accounts have Open Directory
passwords and were created in the Open Directory master’s LDAP directory while
Kerberos was stopped might need to reset their passwords the next time they log in.
A user account is therefore affected only if all recoverable authentication methods for
Open Directory passwords were disabled while Kerberos was stopped.
To start Kerberos manually on an Open Directory master:
1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Open Directory.
4 Click Refresh (or choose View > Refresh) and verify the status of Kerberos as reported
in the Overview pane.
If Kerberos is running, there’s nothing more to do.
98 Chapter 5 Setting Up Open Directory Services