3. 3
1 Contents
Preface 5 About This Guide
5 iChat Services Overview
6 What’s New in Version 10.5
6 What’s in this Guide
6 Using this Guide
7 Using Onscreen Help
7 Advanced Server Administration Guides
9 Viewing Onscreen PDF Guides
9 Printing PDF Guides
9 Getting Documentation Updates
9 Getting More Information
Chapter 1 11 Understanding iChat
11 How Chatting Promotes Collaboration
12 How iChat Service Works
13 How iChat Users are Authenticated
13 Instant Messaging in Small- to Medium-Sized Organizations
14 Instant Messaging in Large Organizations
14 Tools for Managing iChat Service
14 Server Admin
15 Workgroup Manager
15 Command-Line Tools
Chapter 2 17 Configuring iChat Service
17 Planning iChat Service
17 Before You Use iChat Service
17 Understanding iChat Service Screen Names
18 Adding an Account to iChat
18 Using Other Chat Applications
18 Setting up iChat Service
19 Managing iChat Service
19 Defining iChat Service Access
20 Using SSL for iChat Service
4. 4 Contents
20 Changing iChat Service Settings
20 Implementing the iChat Service Configuration File
21 Logging iChat Sessions
21 Viewing iChat Service Logs
22 Auto-buddy Support
22 Backing Up the iChat Server
23 Restoring the iChat Server
Chapter 3 25 Setting Up Advanced iChat Service Configurations
25 Setting Access Control for iChat Service
26 Using Other Instant Messaging Servers with iChat
26 Enabling or Disabling Server-to-Server Communication in a Standard Configuration
26 Enabling or Disabling Server-to-Server Communication in an Advanced
Configuration
27 Linking More than One Chat Server (S2S)
27 Setting Up Linking Using Server Preferences
27 Setting Up Linking Using Server Admin
27 Securing Server-to-Server Connections
27 Enabling Communication with Other XMPP-Compliant Servers
28 Choosing the Certificate to Use for Server-to-Server TLS
28 Configuring an Approved List
29 Integrating with Directory Services
29 Using Kerberos for iChat Single Sign-On
29 Using SSL for iChat
30 Selecting a Certificate
30 Using a Custom Certificate
30 Setting Up iChat Service for Virtually Hosted Domains
Glossary 33
Index 41
5. 5
Preface
About This Guide
iChat Services Overview
Instant messaging involves live interactions between computer users exchanging text,
pictures, audio, and video. Instant messaging is also known as chatting, because of its
spontaneous, conversation-like qualities. iChat is the Apple instant messaging service
that promotes real-time communication and information-sharing between diverse user
groups.
This guide provides instructions for setting up, configuring,
and administering iChat services on Mac OS X Server.
Mac OS X Server version 10.5 includes iChat service administration in its suite of
services. iChat service administration is preinstalled on Apple servers.
iChat Service Administration provides information about:
 Setting up iChat service
 Planning iChat service
 Managing iChat service
 Setting access control for iChat service
 Using other instant messaging servers with iChat
 Linking more than one chat server (S2S)
 Securing server-to-server connections
 Integrating with directory services
 Using Kerberos for iChat single-sign-on
 Using SSL for iChat
 Setting up iChat service for virtually hosted domains
6. 6 Preface About This Guide
What’s New in Version 10.5
iChat service administration is included in Mac OS X Server version 10.5, and provides
the following additions and enhancements from previous versions:
 Server-to-server iChat service
 Server Admin UI upgrades
 Jabber2 process support
 Kerberos support
 Auto-buddy support
 Chat service monitoring and diagnostics support
 Chat server backup and restore
 Client chat transcript archiving
What’s in this Guide
This guide includes the following chapters:
 Chapter 1,“Understanding iChat,” highlights key concepts and provides basic
information about iChat messaging in action, iChat messaging in organizations, and
overviews of the iChat service.
 Chapter 2,“Configuring iChat Service,” describes how to set up your iChat service for
the first time, and manage iChat settings and components.
 Chapter 3,“Setting Up Advanced iChat Service Configurations,” provides advanced
instructions for setting up iChat service server connections and configuration.
 The Glossary defines terms you’ll encounter as you read this guide.
Note: Because Apple frequently releases new versions and updates to its software,
images shown in this book might be different from what you see on your screen.
Using this Guide
Chapters in this guide are arranged in the order that you’re likely to need them when
setting up Mac OS X Server to provide iChat services.
 To acquaint yourself with basic concepts and components, see “Understanding
iChat”, on page 11.
 To set up and configure iChat, see “Configuring iChat Service”, on page 17.
 For advanced configuration information, see “Setting Up Advanced iChat Service
Configurations”, on page 25.
7. Preface About This Guide 7
Using Onscreen Help
You can get task instructions onscreen in Help Viewer while you’re managing Leopard
Server. You can view help on a server or an administrator computer. (An administrator
computer is a Mac OS X computer with Leopard Server administration software
installed on it.)
To view onscreen help for a Leopard Server advanced configuration:
m Open Server Admin or Workgroup Manager and then choose from the following:
 To search for a task you want to perform, use the Help menu.
 To browse and search help topics, choose Help > Server Admin, or Help > Workgroup
Manager.
Server Admin and Workgroup Manager help contain instructions taken from Server
Administration and other advanced administration guides described in “Advanced
Server Administration Guides”, on page 7.
To see the latest help topics:
m Make sure the server or administrator computer is connected to the Internet while
you’re getting help.
To see more than one help topic simultaneously:
1 In Help Viewer, choose File > New Window.
2 Drag a topic link to the new Help Viewer window from another Help Viewer window.
Help Viewer retrieves and caches the latest server help topics from the Internet. When
not connected to the Internet, Help Viewer shows cached help topics.
Advanced Server Administration Guides
Getting Started covers basic installation and initial setup methods for a standard,
workgroup, or advanced configuration of Mac OS X Server version 10.5. An advanced
guide, Server Administration, covers advanced planning, installation, setup, and more. A
suite of supplementary guides, listed below, covers advanced planning, setup, and
management of individual services. You can obtain these guides in PDF format from
the Mac OS X Server documentation website:
www.apple.com/server/documentation
This guide... tells you how to:
Getting Started and Mac OS X
Server Worksheet
Install Mac OS X Server and set it up for the first time
Command-Line Administration Install, set up, and manage Mac OS X Server using UNIX command-
line tools and configuration files
File Services Administration Share selected server volumes or folders among server clients
using the AFP, NFS, FTP, and SMB protocols
8. 8 Preface About This Guide
iCal Service Administration Create and share calendars for use with either iCal or Mozilla
Calendar
iChat Service Administration Set up, configure, and administer tasks for iChat (instant
messaging) services on Mac OS X Server
Mac OS X Security Configuration Make Mac OS X computers (clients) more secure, as required by
enterprise and government customers
Mac OS X Server Security
Configuration
Make Mac OS X Server and the computer it’s installed on more
secure, as required by enterprise and government customers
Mail Service Administration Set up and manage IMAP, POP, and SMTP mail services on the
server
Network Services Administration Set up, configure, and administer DHCP, DNS, VPN, NTP, IP firewall,
NAT, and RADIUS services on the server
Open Directory Administration Set up and manage directory and authentication services, and
configure clients to access directory services
Podcast Producer Administration Set up and manage Podcast Producer service to record, process,
and distribute podcasts
Print Service Administration Host shared printers and manage their associated queues and print
jobs
QuickTime Streaming and
Broadcasting Administration
Capture and encode QuickTime content. Set up and manage
QuickTime streaming service to deliver media streams live or on
demand
Server Administration Perform advanced installation and setup of server software, and
manage options that apply to multiple services or to the server as a
whole
System Imaging and Software
Update Administration
Use NetBoot, Network Install, and Apple Software Update to
automate the management of operating system and other
software used by client computers
Upgrading and Migrating Use data and service settings from an earlier version of Mac OS X
Server, AppleShare IP, or Windows NT
User Management Create and manage user accounts, groups, and computers. Set up
managed preferences and managed network views for Mac OS X
clients
Web Technologies Administration Set up and manage web technologies, including web, blog,
webmail, wiki, MySQL, PHP, PubSub, Ruby on Rails, and WebDAV
Xgrid Administration and High
Performance Computing
Set up and manage computational clusters of Xserve systems and
Mac computers
Mac OS X Server Glossary Learn about terms used for server and storage products
This guide... tells you how to:
9. Preface About This Guide 9
Viewing Onscreen PDF Guides
When reading the PDF version of a guide on screen:
 Show bookmarks to see the guide’s outline, and then click a bookmark to jump to
the corresponding section.
 Search for a word or phrase to see a list of places where it appears in the document.
Click a listed place to see the page where the word or phrase occurs.
 Click a cross-reference to jump to the referenced section. Click a web link to visit the
website in your browser.
Printing PDF Guides
If you want to print a guide you can:
 Save ink or toner by not printing the cover page.
 Save color ink on a color printer by printing in gray, or black and white (choose this
option in the Print dialog).
 Maximize the image on the printed page by setting the scale to 122 percent in the
Page Setup dialog.
 Reduce the bulk of the printed document and save paper by printing more than one
page per sheet of paper. In the Print dialog, choose Layout from the pop-up menu. If
your printer supports two-sided (duplex) printing, select one of the Two-Sided
options. Otherwise, choose 2 from the Pages per Sheet pop-up menu, and optionally
choose Single Hairline from the Border menu.
Getting Documentation Updates
Periodically, Apple posts revised help pages and new editions of guides. Some revised
help pages update the latest editions of the guides.
 To view new onscreen help topics, make sure your server or administrator computer
is connected to the Internet.
 To download the latest guides in PDF format, go to the Mac OS X Server
documentation website:
www.apple.com/server/documentation
Getting More Information
For more information, consult these resources:
 Read Me documents—important updates and special information. Look for them on
the server discs.
 Mac OS X Server website (www.apple.com/macosx/server)—gateway to extensive
product and technology information.
10. 10 Preface About This Guide
 Apple Service & Support website (www.apple.com/support)—access to hundreds of
articles from Apple’s support organization.
 Apple customer training (train.apple.com)—instructor-led and self-paced courses for
honing your server administration skills.
 Apple discussion groups (discussions.info.apple.com)—a way to share questions,
knowledge, and advice with other administrators.
 Apple mailing list directory (www.lists.apple.com)—subscribe to mailing lists so you
can communicate with other administrators using email.
 The website (jabberd.jabberstudio.org)—provides information about the open
source project that uses the Jabber/XMPP protocol, a protocol supported by iChat.
jabberd is the software that Apple uses for implementing the Jabber protocol.
"Jabber" is a trademarked term given to the XMPP protocol by the Jabber Software
Foundation.
11. 1
11
1 Understanding iChat
Mac OS X iChat service provides secure instant messaging for
users supported by Mac OS X Server.
iChat service supports the transfer of data through instant messaging—a real-time
interaction between computer users.
How Chatting Promotes Collaboration
Chatting is a way to collaborate in real time, without the delay of email responses and
weblog postings, or the expense of telephone communication and face-to-face
meetings. This collaboration might include:
 Brainstorming solutions, making plans, reporting progress, and exchanging design
images
 Exchanging weblinks and files for use as real-time references, or for follow-up
viewing
 Automatically generating iChat transcripts when you want a written record of
interactions without the distraction of taking notes
 Conducting weekly staff or project meetings via iChat, which can also facilitate
collaboration among geographically-dispersed team members
 Using built-in computer microphones for audio chat
 Using video cameras for videoconferencing, a direct, personal, and engaging form of
collaboration.
12. 12 Chapter 1 Understanding iChat
How iChat Service Works
The Mac OS X Server iChat service provides a secure way for users and groups on a
server to chat.
iChat service provides person-to-person instant messaging and chat-room services via
the standard Extensible Messaging and Presence Protocol (XMPP) found in many
instant-messaging servers such as Google Talk, Wildfire, and Jabber.
The core of iChat service is the open source Jabber v2.0, which provides user-presence
information (status, icons, and so on) and basic text-message exchange between
individual users or groups of users (via chat rooms). The iChat service chat-room
features are provided transparently by the Jabber mu--conference module.
Apple uses the jabberd software, which implements the Jabber protocol. Jabber is a
trademarked term given to this XMPP protocol by the Jabber Software Foundation.
iChat service provides peer-file transfer between users that can’t establish direct
connections to a network because of intervening firewalls that block such connections.
In the case of firewalls, iChat service acts as a file-transfer proxy, using the Jabber
Proxy65 module.
To access messaging and file transfer services, users connect to an iChat service from
various compatible instant messaging (IM) applications such as Apple iChat. Once
connected, users can receive information about the status of other subscribed users,
exchange messages with individual users or groups of users (via chat rooms), or
exchange files with individual users.
Additionally, users can send messages to offline users. These messages are held by
iChat service and delivered when the offline user connects to the server.
iChat service also "federates" with other iChat servers or any XMPP-compliant service
(such as Google Talk) using the server-to-server (S2S) capabilities of the XMPP protocol.
This allows users with accounts on iChat servers to exchange text messages or files
with users whose accounts are maintained outside their local network infrastructure, as
long as those servers are accessible via the Internet.
To communicate with outside servers, iChat service uses a program called s2s, part of
the suite of programs that comprise the Jabber v2.0 server, to establish mutual
connections with the outside server.
iChat service can be configured to require that s2s sessions be encrypted, and to block
s2s sessions with servers that do not support encryption. For encrypted sessions to be
established, both servers must possess public key certificates, either self-signed or
issued by a recognized Certificate Authority (CA).
13. Chapter 1 Understanding iChat 13
Mac OS X Server includes a preinstalled, default, self-signed certificate, and accepts self-
signed certificates from other servers. Depending on the XMPP software vendor at the
other end of the s2s connection, a certificate from a trusted authority might need to be
installed on the server before s2s sessions can be established.
For more information about setting up security, see Mac OS X Security Configuration.
How iChat Users are Authenticated
To use iChat service on a specific server, users must be defined in directories that the
server uses to authenticate users. In addition, iChat service uses SSL (Secure Sockets
Layer) to protect the privacy of users while they chat. The following describes the
process of iChat user authentication:
Step 1: Initiating a chat
To start a chat with another user, it is necessary to first know the user’s short name as
well as a domain name that iChat service is configured to use.
Step 2: Verifying identity
iChat service verifies the identity of users by using Open Directory authentication.
Users are authenticated only if they’re defined in a directory domain in the server’s
Open Directory search path.
Step 3: Authorizing the user
iChat service also makes sure that users are authorized to use the service. The server
administrator can optionally deny access to specific users.
Step 4: Processing URLs
Users can send files and URLs back and forth, making it easy to jointly review
information. Because URLs are text, they are passed as normal messages by themselves,
or in the body of larger text messages. What is special about URLs is that they are
recognized and handled differently when displayed in the chat window. Files,
conversely, are not text, and are handled through an entirely different exchange that
requires the receiving user to approve the file transfer before it can occur.
Step 5: Recording a chat
Optionally, a transcript of chats can be recorded and saved for later use.
Instant Messaging in Small- to Medium-Sized Organizations
For instant messaging in small- to medium-sized organizations, you must choose the
Standard Configuration during server installation.
Apple recommends that you use Server Preferences to administer iChat services. If you
want to use the Auto-buddy feature of iChat service, you must choose Standard
Configuration and use Server Preferences when adding or deleting users.
14. 14 Chapter 1 Understanding iChat
If you want to use Server Admin for more advanced configuration of iChat services, see
“Enabling or Disabling Server-to-Server Communication in an Advanced Configuration”,
on page 26.
Instant Messaging in Large Organizations
You can configure iChat service features individually using Advanced Configuration. For
more details on these features, see “Setting Up Advanced iChat Service Configurations”,
on page 25.
Server Admin offers additional options for securing server-to-server communication.
For more information, see “Securing Server-to-Server Connections”, on page 27.
When the server-to-server federation is enabled, communication with most other
XMPP-compliant chat servers is also established, including the ability to federate with
Google Talk. To allow servers on different networks to communicate, administrators
must configure DNS, NAT, and firewalls, as needed.
Tools for Managing iChat Service
The Workgroup Manager and Server Admin applications provide a graphical interface
for managing iChat service in Mac OS X Server. In addition, you can manage iChat
service from the command line using Terminal.
These applications are included with Mac OS X Server and can be installed on another
computer with Mac OS X v10.5 or later, making that computer an administrator
computer. For more information about setting up an administrator computer, see the
server administration chapter of Getting Started.
Server Admin
The Server Admin application provides tools to help you set up, manage, and monitor
iChat service and other services. Use Server Admin to:
 Set up Mac OS X Server as an iChat server. For instructions, see “Setting up iChat
Service”, on page 18.
 Manage and monitor iChat service. For instructions, see “Managing iChat Service”, on
page 19.
For more information about using Server Admin, see Server Administration. This
includes information such as:
 Opening and authenticating in Server Admin
 Working with specific servers
 Administering services
 Using SSL for remote server administration
15. Chapter 1 Understanding iChat 15
 Customizing the Server Admin environment
Server Admin is installed in the /Applications/Server/ folder.
Workgroup Manager
The Workgroup Manager application provides comprehensive management of
Mac OS X Server clients. Use Workgroup Manager to set up and manage access control.
For instructions, see “Setting Access Control for iChat Service”, on page 25.
For basic information about using Workgroup Manager, see User Management. This
includes information such as:
 Opening and authenticating in Workgroup Manager
 Administering accounts
 Customizing the Workgroup Manager environment
Workgroup Manager is installed in the /Applications/Server/ folder.
Command-Line Tools
A full range of command-line tools are available for administrators who prefer using
command-driven server administration. For remote server management, submit
commands in a Secure Shell (SSH) session. You can enter commands on Mac OS X
servers and computers using the Terminal application, located in the
/Applications/Utilities/ folder.
For more information about command-line tools, see Command-Line Administration.
17. 2
17
2 Configuring iChat Service
This chapter tells you how to set up and configure iChat
service for both standard and advanced configurations.
The procedures in this chapter help you perform the initial iChat service setup, and
provides information about using, managing, and administering iChat service.
Planning iChat Service
This section provides information for users of the iChat service.
Before You Use iChat Service
To use iChat service running on a specific server to chat with another user:
 You must be defined in the Open Directory search path of that server
 You must be authorized to use iChat service on that server
Once you are logged in to iChat service, you can chat with any user who possesses a
Jabber ID, and who is reachable using server-to-server federation, when it is enabled.
For more information about search paths and iChat service authentication, see
“Defining iChat Service Access”, on page 19.
Understanding iChat Service Screen Names
To use iChat service, you must have a Jabber ID, and know the Jabber IDs of everyone
you want to chat with using iChat service.
The iChat service screen names are actually Jabber IDs, and use the general format
user-short-name@iChat-domain-name (nancy@ichat.example.com).The user-short-name
is the short name of a user defined in the Open Directory search path of the server
hosting iChat service. The iChat-domain-name identifies the server hosting iChat
service.
18. 18 Chapter 2 Configuring iChat Service
Adding an Account to iChat
To use iChat to chat with other iChat service users, you must set up an iChat service
account by adding a Jabber account in iChat.
You can use the iChat > Preferences pane to create your account when you first run
iChat and enter the initial setup information. See iChat help for instructions.
Since all buddy lists are saved on the server, they’re available anytime from anywhere
you start an iChat service session.
Using Other Chat Applications
iChat service supports instant messaging applications on Windows, Linux, and popular
Personal Digital Assistants (PDAs) that support the Jabber protocol.
Setting up iChat Service
Use Server Admin to configure and activate iChat service. To successfully start iChat
service, you must specify a DNS for the service.
If no DNS is provided, the service starts, but is immediately terminated. The system log
file indicates that jabberd has exited with return code 1, and then was reopened
repeatedly until the number of retries was exceeded.
To configure Server Admin to support iChat service for the first time:
1 Open Server Admin and connect to the server.
2 If the server where you want iChat service to run isn’t listed in the Servers list, click
Connect to connect with the server.
3 Choose the server from the list.
4 Make sure that the port used by iChat service is enabled.
Under the selected server, click Firewall to make sure that the firewall service is
running.
Click Settings, and then click Services. Choose the address group from the Edit Services
for pop-up menu. If the first radio button is selected, all traffic from addresses in the
selected group can access iChat service. If the second radio button is selected, make
sure you make selections in the Allow column for iChat service.
See Network Services Administration for information about the firewall service and
settings.
5 Under the selected server in the Servers list, click iChat, and then click Settings.
The Host Domains field designates the domain names that you want iChat service to
support. Initially, the server host name is shown. You can then add other names that
resolve to the iChat service IP address, such as aliases defined in DNS.
19. Chapter 2 Configuring iChat Service 19
Host domains are used to construct Jabber IDs, which identify iChat service users. An
example of a Jabber ID is nancy@example1.apple.com.
6 From the SSL Certificate pop-up menu, choose a Secure Sockets Layer (SSL) certificate
that you want iChat service to use. The menu lists all SSL certificates that have been
installed on the server.
7 From the pop-up menu, choose Custom Configuration. A window prompting you to
enter paths to a custom certificate and private key is displayed. You can enter a
passphrase if the private key is encrypted. From this window you can also manage
certificates.
8 When you have populated the fields specifying Certificate File, Private Key File,
Certificate Authority File, and Private Key Passphrase, click OK to activate your custom
certificate.
9 Click the Edit button to import a different certificate.
See Mail Service Administration for information about defining, obtaining, and installing
certificates on your server.
10 Click Save, and then click the Start iChat button to start the iChat service.
11 Make sure that the iChat service Open Directory search path includes directories where
the users and group members that you want to enable iChat service for are defined.
Open Directory Administration explains how to set up search paths.
Users or group members defined in the Open Directory search path are now
authorized to use iChat service on the server, unless you deny them access to iChat
service as described in “Defining iChat Service Access”, on page 19.
Managing iChat Service
This section describes tasks that server administrators use to manage iChat service.
Defining iChat Service Access
You can control who uses iChat service by using Open Directory authentication and
iChat service access settings.
If you want to enable iChat service for a user:
 Make sure they are a user or member of a group that’s defined in the Open Directory
search path of the iChat service.
 Make sure the user has iChat service access. To grant or deny a user access to iChat
service, open Server Admin, and then choose the server address from the Servers list.
Click the Access Control icon in the toolbar.
20. 20 Chapter 2 Configuring iChat Service
Using SSL for iChat Service
To maximize the privacy of chats, iChat service uses SSL, which uses a digital certificate
to validate the identity of the server, and establish secure, encrypted data exchange.
The digital certificate can be a self-signed certificate or a certificate imported from a
certificate authority. See Mail Service Administration for information about defining,
obtaining, and installing certificates on your server.
Although you must identify an SSL certificate for iChat service to use the first time you
set up iChat service, you can use a different certificate later.
To identify an SSL certificate for use by iChat service:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 Click iChat. Click Settings.
4 From the SSL Certificate pop-up menu, choose the certificate you want iChat service to
use. The menu lists all SSL certificates that have been installed on the server.
To use a certificate not listed in the pop-up menu, select Custom Configuration. After
you select Custom Configuration, a window is displayed, prompting you to enter paths
to a custom certificate and private key. If the private key is encrypted, you can enter a
passphrase. From this window you can also manage certificates.
When you have populated the fields for Certificate File, Private Key File, Certificate
Authority File, and Private Key Passphrase, click OK to activate your custom certificate.
5 Click Save.
Changing iChat Service Settings
You can use Server Admin to change iChat service settings.
To change iChat service settings:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 Click iChat. Click Settings.
4 To disable or enable iChat service, click Stop iChat or Start iChat.
5 Change Authentication or SSL Certificate information as required.
6 When you’re finished making changes, click Save.
Implementing the iChat Service Configuration File
Apple uses software called jabberd, that implements the Jabber protocol.
21. Chapter 2 Configuring iChat Service 21
Jabber is an open source software implementation of the Internet standard XMPP
protocol, and is one of several XMPP implementations, such as Google Talk, Wildfire,
and eJabber.
XMPP is the Internet standard protocol used by Jabber to provide communications
between clients running on a variety of operating systems. iChat service, based on
Jabber version 2.0, supports the XMPP standard to provide interoperability with
compatible servers from other vendors.
iChat service configuration settings are stored in configuration files, in the following
directories, that correspond to the main jabberd process and to each of its component
processes:
 jabberd2 (startup script) – /etc/jabberd/jabberd.cfg
 router (inter-module message routing) – /etc/jabberd/router.xml
 resolver (domain resolution) – /etc/jabberd/resolver.xml
 sm (session manager) – /etc/jabberd/sm.xml
 c2s (client-to-server communications) – /etc/jabberd/c2s.xml
 s2s (server-to-server communications) – /etc/jabberd/s2s.xml
These files define settings for the Jabber server and the XMPP protocol features
supported by Jabber.
Logging iChat Sessions
Use Server Admin to configure iChat to automatically save chat messages in a location
of your choice, and to set how often to archive the message log.
To setup the iChat service logging:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 Click iChat. Click Settings.
4 Click the Logging button.
5 From the Logging window, you can specify if you want to automatically save chat
messages, where you want to save them, and how often to archive the message log.
Archiving saves disk space by compressing older message logs. The compressed
message archives are saved indefinitely until removed by the administrator.
Viewing iChat Service Logs
You can view the iChat service logs using Server Admin.The iChat service log is located
in the /var/log/system.log folder.
22. 22 Chapter 2 Configuring iChat Service
To view the iChat service log:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 Click iChat.
4 Click Logs, and then choose a log from the View pop-up menu.
The iChat service log records iChat service administrator actions performed using
Server Admin or the serveradmin command-line tool. This log is located in /var/log/
system.log. You can also view the File Proxy Log (located in private/var/jabberd/log/
proxy65.log), and the Multiuser Conference Log, which records multi-user conference
records (located in the file /var/jabberd/log/jcrlog).
Auto-buddy Support
As user accounts are added through Server Preferences, they automatically become
buddies. When they are removed, they are automatically deleted from the buddies list.
Auto-buddy support is only available if the server is installed as a Standard
configuration. Auto-buddy support is located in Server Preferences.
To enable Auto-buddy support:
1 Open the Server Preferences application. Click the iChat button. The Auto-buddy
support is one of three checkboxes.
2 Click the "Automatically make all users buddies" checkbox in Server Preferences.
Backing Up the iChat Server
Use the Time Machine service to backup iChat service data. Time Machine is accessed
through Server Preferences in the Standard Configuration.
To back up the iChat Server:
1 In Server Preferences, click the Time Machine button.
2 Configure Time Machine for regular backups. By clicking Choose, you can select a
backup destination. You can also choose to Skip system files in your backup, to Encrypt
backup data with user’s password, or to automatically delete older backup files. The
options are 2 weeks, 1 month, 3 months, 6 months, or 1 year.
Time Machine backs up data for all services including iChat service, and can be
configured during server installation.
23. Chapter 2 Configuring iChat Service 23
Restoring the iChat Server
To restore the iChat server, use the Time Machine service to perform a backup restore.
You can access this feature through Server Preferences. Apple recommends that you
use Server Preferences to administer all services, including iChat service. You can use
Server Admin to perform a more advanced configuration of iChat service. See “Setting
Up Advanced iChat Service Configurations”, on page 25.
Important: Time Machine restores the entire server. If your last server backup is less
current than the iChat configuration, the restored iChat will be more current than the
server configuration.
The Backup and Restore functions for services works regardless of whether the
administrator has chosen to back up the entire server or just the user’s home folders.
The Time Machine service must be enabled for backups to work, including service data
backups.
When backing up an entire server, all hard drive contents are backed up. Separately,
each service backup script is executed to perform data conversions required to make
the restore process smoother and less server-dependent.
When restoring an entire server, the contents of the hard drives are also restored. The
service restore scripts are then called to perform custom service data restores on top of
the hard-drive restore.
For backups of user data only, the service backup and restore scripts are called at the
appropriate time to perform their functions, but the entire system is not backed up nor
restored.
25. 3
25
3 Setting Up Advanced iChat
Service Configurations
This chapter tells you how to customize iChat service for both
standard and advanced configurations.
iChat service provides a number of advanced configuration options:
 Controlling access to iChat service
 Communicating with other instant messaging servers
 Linking more than one chat server (S2S)
 Securing server-to-server connections
 Integrating with directory services
 Using Kerberos for iChat single sign-on
 Using SSL for iChat
 Setting up iChat service for virtually hosted domains
Setting Access Control for iChat Service
User sessions are authenticated through the Apple Open Directory system (CRAM-MD5
or plain-text passwords), or optionally through Kerberos v5 authentication. Server
Admin allows you to configure service access control lists (SACLs) so you can specify
which users and groups have access to AFP, FTP, and SMB file services.
Using SACLs, you can add another layer of access control on top of standard POSIX and
ACL permissions. Only users and groups listed in SACL have access to its corresponding
service. For example, if you want to prevent users from accessing a server’s AFP share
points (including home folders), remove the users from the AFP services SACL.
Additionally, iChat service requires that authenticated users belong to the iChat SACL.
In the Standard Configuration, users created in the Server Preferences application are
automatically added to the iChat SACL.
In the Advanced Configuration, users created in Workgroup Manager must be added to
the iChat SACL (using Server Admin), before they can log into the iChat service.
26. 26 Chapter 3 Setting Up Advanced iChat Service Configurations
Using Other Instant Messaging Servers with iChat
In a Standard Configuration, you can enable server-to-server communication through
Server Preferences. In an Advanced Configuration, use Server Admin to configure an
expanded set of options for server-to-server communications.
Ideally, any server can allow server-to-server communications, as long as it is XMPP-
compliant, accessible to the Internet, and not behind a firewall.
These additional server-to-server settings are available through Server Admin or Server
Preferences.
Enabling or Disabling Server-to-Server Communication in a Standard
Configuration
Use Server Preferences to enable or disable server-to-server communication in the
Standard Configuration.
To enable or disable server-to-server communication:
1 Open the Server Preferences application. Click the iChat button.
2 Select or deselect the "Enable server-to-server communication" checkbox.
Enabling or Disabling Server-to-Server Communication in an
Advanced Configuration
Use Server Admin to establish server-to-server communication in the Advanced
configuration.
To enable or disable server-to-server communication:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 Click iChat. Click Settings
4 Select or deselect "Enable XMPP server-to-server federation".
Server Admin offers additional options for securing server-to-server communication.
For more information, see “Securing Server-to-Server Connections”, on page 27.
When the server-to-server federation is enabled, communication with most other
XMPP-compliant chat servers is enabled, including the ability to federate with Google
Talk.
To establish communication between servers on different networks, administrators
must configure DNS, NAT, and firewalls, as needed.
27. Chapter 3 Setting Up Advanced iChat Service Configurations 27
Linking More than One Chat Server (S2S)
In a Standard Configuration, you can link to more than one chat server by enabling
server-to-server communications in Server Admin or Server Preferences.
Setting Up Linking Using Server Preferences
Using Server Preferences, you can link more than one chat server.
To set up linking:
1 Open the Server Preferences application.
2 Click the iChat button. Select "Enable server-to-server communication".
Setting Up Linking Using Server Admin
Using Server Admin, you can link more than one chat server.
To set up linking:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 Click iChat.
4 Select "Enable XMPP server-to-server federation" to enable server-to-server
communication.
5 Server Admin offers additional options for securing server-to-server communication.
When enabled, this feature allows communication with most XMPP-compliant chat
servers.
Securing Server-to-Server Connections
Using Server Admin, you can take advantage of additional options for securing server-
to-server communications. These options include filtering domains where servers are
matched against a given list. However, these security options are only available in the
Advanced Configuration. In the Standard Configuration, the connections are
established by default.
Enabling Communication with Other XMPP-Compliant Servers
Using Server Admin, you can enable server-to-server communication with other XMPP-
compliant servers.
To enable server-to-server communication:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
28. 28 Chapter 3 Setting Up Advanced iChat Service Configurations
3 Click iChat.
4 To enable server-to-server connections with other XMPP-compliant servers from Apple
or other vendors, click the "Enable XMPP server-to-server federation" checkbox.
5 Click "Require secure server-to-server federation". This will restrict server-to-server
communications and allow only iChat service to connect with servers that support
encrypted connections through SSL/TLS. This means that only servers that support TLS
are allowed to communicate with your iChat server.
Choosing the Certificate to Use for Server-to-Server TLS
Using Server Admin, you can select a certificate for server-to-server communication.
To select a certificate:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 Click iChat.
4 Open the SSL Certificate pull-down menu.
5 Select a specific certificate from the pull-down menu. You can choose Custom
Configuration or Default. From this menu, you can also manage certificates. See
“Selecting a Certificate”, on page 30.
Configuring an Approved List
Server Admin offers the option of configuring an approved list for server-to-server
communication, where only host names and domains that are listed in the text box are
allowed to communicate with your server.
To configure an approved list:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 Click iChat.
4 To enable the approved list feature, select "Allow federation with the following
domains:"
5 The entries can be either complete host names or domains. You can add names to the
list (this can be a mix of servers and domains). The server software does the rule-
matching to see if these domains can interact. Any domain or host not in the approved
list cannot communicate with your iChat server.
29. Chapter 3 Setting Up Advanced iChat Service Configurations 29
Integrating with Directory Services
As with other services, iChat authentication is based on Open Directory or any other
LDAP server bound to the iChat service host.
When the server is configured in a Standard Configuration, a local Open Directory
master is created and used for iChat service authentication. iChat service accesses user
accounts through directory services and Open Directory, and cannot access the LDAP
server directly.
You can also bind your server to LDAP servers on other systems, enabling other LDAP
server users to authenticate with your iChat server.
Using Kerberos for iChat Single Sign-On
iChat service supports Kerberos authentication. In a Standard Configuration, the local
Open Directory master includes a KDC (Kerberos Domain Controller) that allows users
who are stored in the local Open Directory service to log into iChat service.
You can’t change iChat service authentication settings using Server Preferences. By
default, Kerberos and standard authentication (password-based) is allowed.
In the Advanced Configuration, administrators must use Server Admin to configure an
Open Directory master (with Kerberos enabled), to allow Kerberos authentication.
Otherwise the server can be configured to use KDC on another host. However, the
Kerberos realm hosted by the KDC must match the realm served by the iChat server.
To select an authentication method:
1 Open Server Admin. Click Settings.
2 Use the Authentication pull-down menu to select from the following authentication
methods:
 Any Method—enables either Kerberos or password-based authentication
 Standard—enables only password-based authentication
 Kerberos—enables only Kerberos authentication
Using SSL for iChat
When using SSL for iChat, the client determines how to connect to the server.
Jabber provides two ports:
 5222 accepts TLS encryption
 5223 accepts SSL
30. 30 Chapter 3 Setting Up Advanced iChat Service Configurations
Selecting a Certificate
You can select your own certificate when using SSL for iChat. By default, iChat selects a
port automatically, using a preinstalled, self-signed SSL certificate. You can also select
your own certificate.
To select a certificate:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 Click iChat.
4 From the SSL Certificate pull-down menu, select a new certificate.
The selected certificate is used for client/server communications on ports 5222 and
5223, and for server-to-server communications.
Using a Custom Certificate
Certificates can be added to the certificate list later using the Server Admin Certificates
utility.
To add a custom certificate:
1 Purchase a certificate from a trusted certificate authority and install it using Server
Admin.
2 In the iChat service settings, select the certificate. Some chat clients do not allow self-
signed certificates, or display a warning before accepting one.
Setting Up iChat Service for Virtually Hosted Domains
iChat service requires that your host have a host name to be used as the jabber "realm"
by the iChat server, and your host have a host name that is resolvable using DNS. This
host name is used as the jabber realm by the iChat server, and clients use this realm to
connect to the service.
Clients use a Jabber Identifier (JID) to authenticate and interact with the server.
The JID is in the format <user>@<realm>, for example,
chatuser@chatserver.example.com.
In this example, your iChat service should be configured to host the realm
chatserver.example.com.
DNS resolution directs clients to your server when they resolve that host name.
To configure iChat on a virtually hosted domain:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
31. Chapter 3 Setting Up Advanced iChat Service Configurations 31
The list of services appears.
3 Click iChat.
4 Change the realms served by iChat service by modifying the Host Domains field.
If you add additional domains to the list, those domains will be supported as jabber
realms.
5 To support multiple realms, DNS should be configured appropriately.
32. 32 Chapter 3 Setting Up Advanced iChat Service Configurations
33. 33
Glossary
Glossary
AFP Apple Filing Protocol. A client/server protocol used by Apple file service to share
files and network services. AFP uses TCP/IP and other protocols to support
communication between computers on a network.
address A number or other identifier that uniquely identifies a computer on a network,
a block of data stored on a disk, or a location in a computer’s memory. See also IP
address, MAC address.
administrator A user with server or directory domain administration privileges.
Administrators are always members of the predefined“admin”group.
alias Another email address at your domain that redirects incoming email to an
existing user.
Apple Filing Protocol See AFP.
automount To make a share point appear automatically on a client computer. See also
mount.
bit A single piece of information, with a value of either 0 or 1.
Bonjour A protocol developed by Apple for automatic discovery of computers,
devices, and services on IP networks. Formerly called Rendezvous, this proposed
Internet standard protocol is sometimes referred to as ZeroConf or multicast DNS.
CIFS Common Internet File System. See SMB.
client A computer (or a user of the computer) that requests data or services from
another computer, or server.
command line The text you type at a shell prompt when using a command-line
interface.
command-line interface A way of interacting with the computer (for example, to run
programs or modify file system permissions) by entering text commands at a shell
prompt. See also shell; shell prompt.
34. 34 Glossary
daemon A program that runs in the background and provides important system
services, such as processing incoming email or handling requests from the network.
DHCP Dynamic Host Configuration Protocol. A protocol used to dynamically distribute
IP addresses to client computers. Each time a client computer starts up, the protocol
looks for a DHCP server and then requests an IP address from the DHCP server it finds.
The DHCP server checks for an available IP address and sends it to the client computer
along with a lease period—the length of time the client computer may use the
address.
directory See folder.
directory domain A specialized database that stores authoritative information about
users and network resources; the information is needed by system software and
applications.The database is optimized to handle many requests for information and to
find and retrieve information quickly. Also called a directory node or simply a directory.
DNS Domain Name System. A distributed database that maps IP addresses to domain
names. A DNS server, also known as a name server, keeps a list of names and the IP
addresses associated with each name.
DNS domain A unique name of a computer used in the Domain Name System to
translate IP addresses and names. Also called a domain name.
DNS name A unique name of a computer used in the Domain Name System to
translate IP addresses and names. Also called a domain name.
domain Part of the domain name of a computer on the Internet. It does not include
the top-level domain designator (for example, .com, .net, .us, .uk). Domain name
“www.example.com”consists of the subdomain or host name“www,”the domain
“example,”and the top-level domain“com.”
domain name See DNS name.
Domain Name System See DNS.
drop box A shared folder with privileges that allow other users to write to, but not
read, the folder’s contents. Only the owner has full access. Drop boxes should be
created only using AFP. When a folder is shared using AFP, the ownership of an item
written to the folder is automatically transferred to the owner of the folder, thus giving
the owner of a drop box full access to and control over items put into it.
everyone Any user who can log in to a file server: a registered user or guest, an
anonymous FTP user, or a website visitor.
export In the Network File System (NFS), a way of sharing a folder with clients on a
network.
35. Glossary 35
file server A computer that serves files to clients. A file server may be a general-
purpose computer that’s capable of hosting additional applications or a computer
capable only of serving files.
file system A scheme for storing data on storage devices that allows applications to
read and write files without having to deal with lower-level details.
File Transfer Protocol See FTP.
FTP File Transfer Protocol. A protocol that allows computers to transfer files over a
network. FTP clients using any operating system that supports FTP can connect to a file
server and download files, depending on their access privileges. Most Internet browsers
and a number of freeware applications can be used to access an FTP server.
group A collection of users who have similar needs. Groups simplify the administration
of shared resources.
guest user A user who can log in to your server without a user name or password.
home directory See home folder.
home folder A folder for a user’s personal use. Mac OS X also uses the home folder to
store system preferences and managed user settings for Mac OS X users. Also known as
a home directory.
host Another name for a server.
host name A unique name for a computer, historically referred to as the UNIX
hostname.
iChat The Mac OS X instant messaging application.
iChat service The Mac OS X Server service that hosts secure chats. iChat service uses
Open Directory authentication to verify the identity of chatters and SSL to protect the
privacy of users while they chat.
Internet A set of interconnected computer networks communicating through a
common protocol (TCP/IP). The Internet is the most extensive publicly accessible
system of interconnected computer networks in the world.
Internet Protocol See IP.
IP Internet Protocol. Also known as IPv4. A method used with Transmission Control
Protocol (TCP) to send data between computers over a local network or the Internet. IP
delivers data packets and TCP keeps track of data packets.
IP address A unique numeric address that identifies a computer on the Internet.
36. 36 Glossary
IP subnet A portion of an IP network, which may be a physically independent network
segment, that shares a network address with other portions of the network and is
identified by a subnet number.
Kerberos A secure network authentication system. Kerberos uses tickets, which are
issued for a specific user, service, and period of time. After a user is authenticated, it’s
possible to access additional services without retyping a password (called single sign-
on) for services that have been configured to take Kerberos tickets. Mac OS X Server
uses Kerberos v5.
LDAP Lightweight Directory Access Protocol. A standard client-server protocol for
accessing a directory domain.
Line Printer Remote See LPR.
local hostname A name that designates a computer on a local subnet. It can be used
without a global DNS system to resolve names to IP addresses. It consists of lowercase
letters, numbers, or hyphens (except as the last characters), and ends with“.local”(For
example, bills-computer.local). Although the default name is derived from the
computer name, a user can specify this name in the Sharing pane of System
Preferences. It can be changed easily, and can be used anywhere a DNS name or fully
qualified domain name is used. It can only resolve on the same subnet as the computer
using it.
LPR Line Printer Remote. A standard protocol for printing over TCP/IP.
Mac OS X The latest version of the Apple operating system. Mac OS X combines the
reliability of UNIX with the ease of use of Macintosh.
Mac OS X Server An industrial-strength server platform that supports Mac, Windows,
UNIX, and Linux clients out of the box and provides a suite of scalable workgroup and
network services plus advanced remote management tools.
mount (verb) To make a remote directory or volume available for access on a local
system. In Xsan, to cause an Xsan volume to appear on a client’s desktop, just like a
local disk.
Network File System See NFS.
network interface Your computer’s hardware connection to a network. This includes
(but isn’t limited to) Ethernet connections, AirPort cards, and FireWire connections.
NFS Network File System. A client/server protocol that uses Internet Protocol (IP) to
allow remote users to access files as though they were local. NFS exports shared
volumes to computers based on IP address, rather than user name and password.
37. Glossary 37
nfsd daemon An NFS server process that runs continuously behind the scenes and
processes read and write requests from clients. The more daemons that are available,
the more concurrent clients can be served.
Open Directory The Apple directory services architecture, which can access
authoritative information about users and network resources from directory domains
that use LDAP, Active Directory protocols, or BSD configuration files, and network
services.
open source A term for the cooperative development of software by the Internet
community. The basic principle is to involve as many people as possible in writing and
debugging code by publishing the source code and encouraging the formation of a
large community of developers who will submit modifications and enhancements.
oplocks See opportunistic locking.
opportunistic locking Also known as oplocks. A feature of Windows services that
prevents users of shared files from changing the same file at the same time.
Opportunistic locking locks the file or part of the file for exclusive use, but also caches
the user’s changes locally on the client computer for improved performance.
owner The owner of an item can change access permissions to the item. The owner
may also change the group entry to any group the owner is a member of. By default,
the owner has Read & Write permissions.
password An alphanumeric string used to authenticate the identity of a user or to
authorize access to files or services.
pathname The location of an item within a file system, represented as a series of
names separated by slashes (/).
permissions Settings that define the kind of access users have to shared items in a file
system. You can assign four types of permissions to a share point, folder, or file: Read &
Write, Read Only, Write Only, and No Access. See also privileges.
port A sort of virtual mail slot. A server uses port numbers to determine which
application should receive data packets. Firewalls use port numbers to determine
whether data packets are allowed to traverse a local network.“Port”usually refers to
either a TCP or UDP port.
privileges The right to access restricted areas of a system or perform certain tasks
(such as management tasks) in the system.
process A program that has started executing and has a portion of memory allocated
to it.
38. 38 Glossary
protocol A set of rules that determines how data is sent back and forth between two
applications.
QTSS QuickTime Streaming Server. A technology that lets you deliver media over the
Internet in real time.
queue An orderly waiting area where items wait for some type of attention from the
system. See also print queue.
QuickTime A set of Macintosh system extensions or a Windows dynamic-link library
that supports the composition and playing of movies.
QuickTime Streaming Server See QTSS.
Samba Open source software that provides file, print, authentication, authorization,
name resolution, and network service browsing to Windows clients using the SMB
protocol.
server A computer that provides services (such as file service, mail service, or web
service) to other computers or network devices.
share point A folder, hard disk (or hard disk partition), or optical disc that’s accessible
over the network. A share point is the point of access at the top level of a group of
shared items. Share points can be shared using AFP, SMB, NFS (an export), or FTP.
short name An abbreviated name for a user. The short name is used by Mac OS X for
home folders, authentication, and email addresses.
single sign-on An authentication strategy that relieves users from entering a name
and password separately for every network service. Mac OS X Server uses Kerberos to
enable single sign-on.
SLP DA Service Location Protocol Directory Agent. A protocol that registers services
available on a network and gives users easy access to them. When a service is added to
the network, the service uses SLP to register itself on the network. SLP DA uses a
centralized repository for registered network services.
SMB Server Message Block. A protocol that allows client computers to access files and
network services. It can be used over TCP/IP, the Internet, and other network protocols.
SMB services use SMB to provide access to servers, printers, and other network
resources.
TCP Transmission Control Protocol. A method used with the Internet Protocol (IP) to
send data in the form of message units between computers over the Internet. IP
handles the actual delivery of the data, and TCP keeps track of the units of data (called
packets) into which a message is divided for efficient routing through the Internet.
39. Glossary 39
ticket, Kerberos A temporary credential that proves a Kerberos client’s identity to a
service.
Transmission Control Protocol See TCP.
UDP User Datagram Protocol. A communications method that uses the Internet
Protocol (IP) to send a data unit (called a datagram) from one computer to another on
a network. Network applications that have very small data units to exchange may use
UDP rather than TCP.
UID User ID. A number that uniquely identifies a user within a file system. Mac OS X
computers use the UID to keep track of a user’s folder and file ownership.
URL Uniform Resource Locator. The address of a computer, file, or resource that can be
accessed on a local network or the Internet. The URL is made up of the name of the
protocol needed to access the resource, a domain name that identifies a specific
computer on the Internet, and a hierarchical description of a file location on the
computer.
USB Universal Serial Bus. A standard for communicating between a computer and
external peripherals using an inexpensive direct-connect cable.
User Datagram Protocol See UDP.
user ID See UID.
user name The long name for a user, sometimes referred to as the user’s real name.
See also short name.
volume A mountable allocation of storage that behaves, from the client’s perspective,
like a local hard disk, hard disk partition, or network volume. In Xsan, a volume consists
of one or more storage pools. See also logical disk.
WebDAV Web-based Distributed Authoring and Versioning. A live authoring
environment that allows client users to check out webpages, make changes, and then
check the pages back in to the site while the site is running.
WINS Windows Internet Naming Service. A name resolution service used by Windows
computers to match client names with IP addresses. A WINS server can be located on
the local network or externally on the Internet.
41. 41
Index
Index
A
access, service 19, 25, 29
access control lists. See ACLs
accounts, adding 18
ACLs (access control lists) 25
administrator 29
administrator computer 14
approved list, domain 28
authentication 13, 29
auto-buddy support 22
B
backup, server 22
buddies 18, 22
business size and iChat 13, 14
C
certificates 12, 19, 20, 28, 30
chat service. See iChat
collaboration service, iChat as 11
command-line tools 15
configuration
file implementation 21
organizational considerations 13, 14
procedure 18
D
digital certificates 20
directory services
domains 28, 30
Open Directory 17, 19, 29
DNS (Domain Name System) service 18
documentation 7, 9
Domain Name System. See DNS
domains, directory
approved list 28
host domains 18
Open Directory 17, 19, 29
virtual 30
E
encryption 12, 19, 29
Extensible Messaging and Presence Protocol. See
XMPP
F
file transfer services 12
firewalls, file transfer through 12
H
host domains 18
host name 28, 30
I
iChat service
as collaboration service 11
connections 12, 13, 14
managing 19
organizational considerations 13, 14
overview 6, 11
planning for 17
saving messages 21
settings 20
tools for 14, 15
workings of 12
instant messaging. See iChat service
J
Jabber instant messaging project. See iChat service
Jabber Proxy65 module 12
K
Kerberos 29
L
LDAP (Lightweight Directory Access Protocol)
service 29
linking servers 27
logs 21, 22
N
naming conventions, screen names 17
42. 42 Index
O
Open Directory 17, 19
Open Directory master 29
open source modules, Jabber 12, 21
P
ports, encryption 29
public key certificates. See certificates
R
realms. See Kerberos
recording chat sessions 13
S
S2S connections 12
SACLs (service access control lists) 25
screen names, iChat 17
Secure Sockets Layer. See SSL
security
access control 19, 25, 29
approved list 28
authentication 13, 29
firewalls 12
s2s sessions 12
SSL 19, 20, 29, 30
TLS 28
Server Admin 14, 26, 27
Server Preferences 13, 27
servers
backup 22
linking 27
restoring 23
server-to-server connections 26, 27
service access control lists. See SACLs
setup procedures. See configuration
Since 18
SSL (Secure Sockets Layer) 19, 20, 29, 30
T
Time Machine 22
TLS (Transport Layer Security) protocol 28
U
URLs (Uniform Resource Locators) 13
users, buddy control 18, 22
V
virtual domains 30
W
Workgroup Manager 15
X
XMPP (Extensible Messaging and Presence
Protocol) 12, 21, 27