Lesson 9. Integrating With Kerberos
Now you'll learn about the basic strategies for combining multiple servers and services in a single Kerberos realm. Kerberos is only a piece of the overall puzzle because it handles only authentication, not identification. Integrating Kerberos usually requires a parallel plan for integrating a directory system to hold the user accounts that identify your users. You can use Kerberos with multiple computers running Mac OS X Server, integrate third-party services with Kerberos provided by Mac OS X Server, or integrate services on Mac OS X Server with an existing Kerberos infrastructure. Common scenarios include integrating Kerberos with:
If all your servers are running Mac OS X Server, identification and authorization are already integrated for you. Joining multiple servers to your Open Directory master is straightforward. Active Directory is a complex and sophisticated system similar to Open Directory, but it does provide a standard, predictable model for dealing with authentication and identification. Your biggest challenge will be accommodating nonstandard, customized systems that are unique to a given site, but luckily, Kerberos is flexible enough to be implemented in different ways and Mac OS X Server should provide all the tools you'll need.