O'Reilly logo

OS X Mountain Lion Server For Dummies by John Rizzo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Configuring Single Sign-On for Mac Clients

After successfully binding the Mac server to the Active Directory domain (see the section “Binding Your Server to Active Directory,” earlier in this chapter), another step to consider is to implement Kerberos on the server. Both Active Directory and Open Directory use Kerberos for authentication across various applications so that after a user logs in to the network, the user can access all network assets, such as file servers, for which he or she has permission without the need for further authentication. Doing away with the need for multiple passwords and authentications is called single sign-on.

Single sign-on in Active Directory works by AD’s issuing a ticket when a user logs in to the domain. The ticket represents everything that the user can do. After a user logs in initially, the ticket handles all other authentication activities automatically.

remember.eps For single sign-on to work for Mac clients on an Active Directory network, single sign-on must first be implemented in Active Directory. Single sign-on implementation in Active Directory is beyond the scope of this book.

To implement Kerberos and SSO for Mac clients in an Active Directory domain, you need to type a command in the Terminal application (in the /Applications/Utilities folder). Type this:

sudo dsconfigad -enablesso

Test that single sign-on is working properly by logging in as ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required