Lesson 9. Integrating With Kerberos

Time

This lesson takes approximately 2 hours to complete.

Goals

  • Understand the four common ways that Mac OS X Server can participate in a Kerberos realm to authenticate user accounts

  • Use Workgroup Manager to add a Kerberos computer record to the Open Directory master server

  • Use Server Admin to configure a Mac OS X Server computer to join a Kerberos realm already established on an Open Directory master server

  • Use Server Admin to configure kerberized services running on Mac OS X Server to accept service tickets

  • Manage, install, and enable keytab files from a third-party Kerberos server on a Mac OS X server

  • Learn how to address the concern that Kerberos user keys are easily recoverable


Now you'll learn about the basic strategies for combining multiple servers and services in a single Kerberos realm. Kerberos is only a piece of the overall puzzle because it handles only authentication, not identification. Integrating Kerberos usually requires a parallel plan for integrating a directory system to hold the user accounts that identify your users.

You can use Kerberos with multiple computers running Mac OS X Server, integrate third-party services with Kerberos provided by Mac OS X Server, or integrate services on Mac OS X Server with an existing Kerberos infrastructure. Common scenarios include integrating Kerberos with:

  • Multiple servers running Mac OS X Server to provide a single sign-on (SSO) environment for all your servers and services

  • Mac OS X Server with an existing Active Directory server that provides Kerberos and directory service

If all your servers are running Mac OS X Server, identification and authorization are already integrated for you. Joining multiple servers to your Open Directory master is straightforward. Active Directory is a complex and sophisticated system similar to Open Directory, but it does provide a standard, predictable model for dealing with authentication and identification. Your biggest challenge will be accommodating nonstandard, customized systems that are unique to a given site, but luckily, Kerberos is flexible enough to be implemented in different ways and Mac OS X Server should provide all the tools you'll need.




Apple Training Series. Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
EAN: 2147483647
Year: 2005
Pages: 258
Authors: Schoun Regan
