Filter
Top Products
30 Chapter 3 Setting Up Advanced iChat Service Configurations
5 Select “Allow federation with the following domains” to restrict S2S communication to
those servers listed.
You can add or remove domains using the Add (+) or Delete (–) buttons below the list.
The entries can be complete host names or domains (this can be a mix of servers and
domains).
The server software does the rule-matching to see if these domains can interact. Any
domain or host not in the approved list cannot communicate with your iChat server.
6 Click Save.
Integrating with Directory Services
As with other services, iChat authentication is based on Open Directory or any other
Lightweight Directory Access Protocol (LDAP) server bound to the iChat service host.
iChat accesses user accounts through directory services and cannot directly access the
LDAP server. You can also bind your server to other LDAP servers, enabling users on the
other LDAP servers to authenticate with your iChat server.
For more information, see Open Directory Administration.
Setting the iChat Authentication Method
iChat supports three methods of authentication, with Kerberos authentication being
the most secure.
Administrators must use Server Admin to configure an Open Directory master (with
Kerberos enabled) to allow Kerberos authentication. Otherwise, the server can be
configured to use the Kerberos Domain Controller (KDC) on another host. However, the
Kerberos realm hosted by the KDC must match the realm served by the iChat server.
To select an authentication method:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select iChat.
4 Click Settings, then click General.
5 Choose the method of authentication from the Authentication pop-up menu.
 Choose Standard if you want iChat to only accept password authentication.
 Choose Kerberos if you want iChat to only accept Kerberos authentication.
 Choose Any Method if you want iChat to accept password and Kerberos
authentication.
6 Click Save.