Note: To utilize the following configuration information you must update your computer to Mac OS X Server 10.2.1 or later.
These services support Kerberos Authentication:
- Apple Mail server (AMS)
- Apple File Protocol server (AFP)
- Apple FTP server
- Telnet
- Macintosh Manager Client Logins
Note: This document assumes that you have already have created and deployed the appropriate "edu.mit.Kerberos" and "krb5.keytab" files. For information on this and other basic setup, see these technical documents:
107153: "
Mac OS X 10.2: Information for Using Kerberos"
107154: "
How to Enable Kerberos Authentication for Login Window"
Kerberos for Apple Mail Server
1. Open the Server Settings application.
2. Click the Internet tab.
3. Choose Configure Mail Service from the Mail Service module.
4. Click the General tab in the Configure Mail Service window.
5. Select an authentication method from the Authentication pop-up menu that allows Kerberos authentication. The choice you make depends on your scenario:- Choose Kerberos if you want mail service to require Kerberos authentication for POP, IMAP, and SMTP. In this case, users' mail client software must support Kerberos. If a user's mail client does not support Kerberos, it will not be able to authenticate.
- Choose Any Method if you want to allow but not require the use of Kerberos authentication. A mail client that does not support Kerberos can still use the standard authentication method(s).
6. Click the Save button.
Kerberos for AFP server
1. Open the Server Settings application.
2. Click the File & Print tab.
3. Choose Configure Apple File Service from the Apple module.
4. Click the Access tab in the Configure Apple File Service window.
5. Select an authentication method from the Authentication pop-up menu that allows Kerberos authentication. The choice you make depends on your scenario:- Choose Kerberos if you want the AFP service to require Kerberos authentication for an AFP client to connect. In this case, a user's AFP client software must support Kerberos. If a user's AFP client software does not support Kerberos, it will not be able to authenticate.
- Choose Any Method if you want to allow but not require the use of Kerberos authentication. An AFP client that does not support Kerberos can still use the standard authentication method(s).
6. Click the Save button.
Kerberos for Apple FTP server
1. Open the Server Settings application.
2. Click the File & Print tab.
3. Choose Configure FTP Service from the FTP module.
4. Click the Advanced tab in the Configure FTP Service window.
5. Select an authentication method from the Authentication pop-up menu that allows Kerberos authentication. The choice you make depends on your scenario:- Choose Kerberos if you want the FTP service to require Kerberos authentication for a FTP client to connect. In this case, a user's FTP client software must support Kerberos. If a user's FTP client software does not support Kerberos, it will not be able to authenticate.
- Choose Any Method if you want to allow but not require the use of Kerberos authentication. A FTP client that does not support Kerberos can still use the standard authentication method(s).
6. Click the Save button.
Kerberos for Telnet
To set up Telnet support, edit the /etc/xinetd.d/telnet file to enable Telnet.
Kerberos for Macintosh Manager client logins
If Kerberos Authentication is available for all of your Macintosh Manager users, consider using Kerberos verification for Macintosh Manager users.
Note: By selecting the "Clients must authenticate using Kerberos" option,
all Macintosh Manager client logins will utilize Kerberos. User Accounts that cannot be authenticated via Kerberos will not be able to log in as Macintosh Manager clients.
Follow these steps:
1. Open the Macintosh Manager application.
2. Click the Global tab.
3. Click the Security tab.
4. Select "Clients must authenticate using Kerberos".
5. Click the Save button.
All Macintosh Manager users are now required to authenticate using Kerberos to log in.
Note: Information about products not manufactured by Apple is provided for information purposes only, and does not constitute Apple's recommendation or endorsement. Apple offers these simply as additional resources for its customers. Please contact the vendor for additional information.