Apple Mac OS Benutzerhandbuch

    Setting Up Advanced iChat Service Configurations 

 

Select “Allow federation with the following domains” to restrict S2S communication to 
those servers listed. 

You can add or remove domains using the Add (+) or Delete (–) buttons below the list.

The entries can be complete host names or domains (this can be a mix of servers and 
domains). 

The server software does the rule-matching to see if these domains can interact. Any 
domain or host not in the approved list cannot communicate with your iChat server.

Click Save.

As with other services, iChat authentication is based on Open Directory or any other 
Lightweight Directory Access Protocol (LDAP) server bound to the iChat service host.

iChat accesses user accounts through directory services and cannot directly access the 
LDAP server. You can also bind your server to other LDAP servers, enabling users on the 
other LDAP servers to authenticate with your iChat server.

For more information, see Open Directory Administration.

iChat supports three methods of authentication, with Kerberos authentication being 
the most secure.

Administrators must use Server Admin to configure an Open Directory master (with 
Kerberos enabled) to allow Kerberos authentication. Otherwise, the server can be 
configured to use the Kerberos Domain Controller (KDC) on another host. However, the 
Kerberos realm hosted by the KDC must match the realm served by the iChat server.

Open Server Admin and connect to the server.

Click the triangle to the left of the server.

The list of services appears.

From the expanded Servers list, select iChat.

Click Settings, then click General.

Choose the method of authentication from the Authentication pop-up menu.

 Choose Standard if you want iChat to only accept password authentication.
 Choose Kerberos if you want iChat to only accept Kerberos authentication.
 Choose Any Method if you want iChat to accept password and Kerberos 

authentication.

Click Save.