Microsoft GZA-00006 Computer Accessories User Manual


 
Office 2008 Planning
Important
When you use an ADAM server to provide GAL access, Entourage users who are
located outside the corporate network will not be able to browse the GAL the way an
Entourage user who is connected directly to a Microsoft Windows Server 2003-based
Global Catalog server inside the corporate network can.
Using Entourage 2008 with Kerberos authentication
Entourage 2008 supports the Kerberos protocol as a method of authentication with Microsoft
Exchange Server and standalone LDAP accounts. The Kerberos protocol uses cryptography to help
provide secure mutual authentication for a network connection between a client and a server, or
between two servers.
The Kerberos protocol is based on ticketing. In this scheme, a client must provide a valid user
name and password only once to prove its identity to an authentication server. The
authentication server then grants the client strongly encrypted tickets that include client
information and the session key, which expires after a specified period of time. The client then
attempts to decrypt the ticket by using its password. If the client successfully decrypts the ticket,
it keeps the ticket, which is now shared by the client and the server. This decrypted ticket serves
as proof of the client's identity and is used to authenticate the client. The timestamp included in
the ticket indicates that the ticket was generated recently and is not part of a replay attack. If an
attacker tries to capture and decrypt the information in a ticket, the breach will be limited to the
current session.
The client can use the same ticket on the network to request other network resources. To use this
ticketing scheme, both the client and the server must have a trusted connection to the domain Key
Distribution Center (KDC).
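Added example, not part of the original manual: a simplified Python model of the checks a service applies before accepting a ticket, covering the ticket lifetime, the timestamp freshness window and a replay cache. HMAC tagging stands in for Kerberos encryption, the client's timestamped message is what Kerberos calls an authenticator, and the names `kdc_issue`, `Service`, `MAX_SKEW`, the 300-second window and `EXAMPLE.COM` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
import os

MAX_SKEW = 300  # seconds of clock skew tolerated (assumed value for this example)

def seal(key, fields):
    """HMAC-tag a dict. Stand-in for encryption: proves who holds the key, hides nothing."""
    body = json.dumps(fields, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("not sealed with this key")
    return json.loads(body)

def kdc_issue(service_key, client, now, lifetime):  # KDC side
    session_key = os.urandom(32)
    ticket = seal(service_key, {"client": client, "expires": now + lifetime,
                                "session_key": session_key.hex()})
    return session_key, ticket

class Service:
    def __init__(self, service_key):
        self.service_key = service_key
        self.seen = set()  # replay cache of accepted (client, timestamp) pairs

    def accept(self, ticket, authenticator, now):
        t = unseal(self.service_key, ticket)  # only the KDC and this service hold the key
        a = unseal(bytes.fromhex(t["session_key"]), authenticator)
        if now >= t["expires"]:
            return "ticket expired"
        if a["client"] != t["client"]:
            return "client mismatch"
        if abs(now - a["timestamp"]) > MAX_SKEW:
            return "stale timestamp"
        if (a["client"], a["timestamp"]) in self.seen:
            return "replay"
        self.seen.add((a["client"], a["timestamp"]))
        return "ok"

def demo():  # constructed scenario: login at t=1000, ticket valid for 3600 s
    key = os.urandom(32)
    svc = Service(key)
    session_key, ticket = kdc_issue(key, "user@EXAMPLE.COM", 1000, 3600)
    req = seal(session_key, {"client": "user@EXAMPLE.COM", "timestamp": 1010})
    return [svc.accept(ticket, req, now) for now in (1012, 1020, 1400, 4700)]
```

Calling `demo()` presents the same request four times: fresh, resent within the window, resent after the window, and resent after the ticket lifetime has ended.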
Mac OS X includes built-in support for Microsoft Kerberos authentication and Active Directory
authentication policies, such as password changes, expiration and forced password changes, as
well as Active Directory replication and failover. By leveraging the Mac OS X Kerberos service,
Entourage 2008 uses the single sign-on mechanism to offer better password handling and a
cleaner setup experience.
Kerberos authentication and Entourage
You should determine the type of authentication that your organization's Exchange server uses.
You can use the Kerberos protocol or one of the other supported authentication methods for the
Exchange server: NTLM, basic authentication, or forms-based authentication. In Entourage, you do
not have control over which authentication method users choose. You should ask your users
to choose Kerberos authentication if your organization's Exchange server uses it and their
computer is connected to the corporate network. For more information about how to set up an
Exchange account in Entourage, see Configuring Exchange accounts in Entourage 2008 in the
Office 2008 Deployment section.