Configuring Single Sign-On for Mac Clients

After successfully binding the Mac server to the Active Directory domain (see the section “Binding Your Server to Active Directory,” earlier in this chapter), another step to consider is to implement Kerberos on the server. Kerberos is used by both Active Directory and Open Directory for authentication across various applications so that after a user logs in to the network, the user can access all network assets, such as file servers, for which she has permission without the need for further authentication. Doing away with the need for multiple passwords and authentications is called single sign-on.

Single sign-on in Active Directory works by AD's issuing a ticket when a user logs in to the domain. The ticket represents everything that the user can do. After you log in initially, all other authentication activities are handled automatically by the ticket.

Of course, for single sign-on to work for Mac clients on an Active Directory network, single sign-on must first be implemented in Active Directory. Single sign-on implementation in Active Directory is beyond the scope of this book.

To implement Kerberos and SSO for Mac clients in an Active Directory domain, follow these steps:

  1. Open Server Admin.
  2. If necessary, connect to your Mac OS X Server by choosing Server > Connect and entering your server administrator username and password.
  3. Click ...
