O'Reilly logo

Mac® Security Bible by Joe Kissell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

26.2. Using Windows Directory Services

Although the world would undoubtedly be a much happier place if everyone used Macs, there are still a few unenlightened souls here and there who use Windows. For better or worse, Windows is still the predominant operating system in corporate environments, and as such, many large organizations rely on Microsoft Active Directory servers to provide the same sorts of centralized authentication and directory services Open Directory offers. Like Open Directory, Active Directory offers Kerberos single sign-on capabilities, and either directory service can be used directly by both Mac and Windows clients (although each also offers certain platform-specific features).

If your network is Mac-only — or even if your servers are Mac-only — there's nothing for you to see here; move right along to the next chapter. However, if you're adding one or more servers running Mac OS X Server to a network that already uses Active Directory, you may want to know a few things about how Open Directory and Active Directory work together.

One thing to be aware of is that any given service can tie into only one Kerberos server for single sign-on authentication. An Active Directory server can provide single sign-on access to all the services running on that server or to external services joined to its Kerberos realm. Open Directory can do the same thing. But if a user signs in to Active Directory with Kerberos, that single sign-on won't be good for services for which Open ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required