Setting Up a Private iChat Server

Whether a small business, a school, or a household where you don’t want to walk up to your kid’s room to help him with algebra homework, a private iChat Server can be beneficial. iChat is the default instant messaging client for the Mac. Instant messaging allows these individuals to communicate by text, audio, and even video without leaving their chairs. This opens up the ability for receptionists to let you know that someone is waiting for you on a call or in the lobby, for teachers to send homework assignments to students, and for having a video chat with your family when you’re out of town.

But most people use iChat by connecting to the AOL Instant Messenger or MobileMe networks. On these publicly accessible networks, anyone can chat with your users, whether you know them or not. Controlling who can communicate with your users can keep children safe and employees productive. This is where iChat Server is most helpful. Using iChat Server, which is based on the popular Jabber open source project, you can have a private messaging solution, controlling who communicates with your users and even keeping copies of written communications.

Configuring iChat Server

The iChat Server is one of the easiest to configure. To do so, first open the Server app and click on iChat in the SERVICES section of the Server sidebar. From the iChat Server screen in Server, click the ON button. The configuration files will then be written and after a time, a green light will appear beside the iChat entry in Server.

Once the service is started, more finely grained configuration options can be set, such as linking two servers using federation, or saving copies of each chat message that is sent to and from the server.


In some cases, organizations will need to connect two servers to allow for instant messaging across, for example, two sites. Linking two iChat Servers is known as federation. Federation can also be used to link iChat Server to a number of other services, such as Google Chat. The server will need firewall ports open to do this.

To set up federation, open Server and click on iChat in the SERVERS list in the Server application’s sidebar. From the iChat Server screen, click on the checkbox for Enable server-to-server federation. Then, to add the servers to federate with, click on the Edit button.

At the Server-To-Server Federation dialog box, “Allow federation with all domains” will be selected by default. Use the radio button to change this setting to “Restrict federation to the following domains.” Then, use the plus sign (“+”) to add each server (preferably, using the hostname if those are able to resolve), as seen in Figure 4-8.

Figure 4-8. Federating iChat servers

Each server in federation will need to be added to each other server, so repeat the process on each. The “Require secure server-to-server federation” checkbox is only available as an option if you have installed an SSL certificate on the server (the certificate can be self-signed). Use this option if each server in the federated set has a certificate and if the certificate for each server is in the system keychain of each other server. SSL encryption helps to keep data secure as it is transmitted from server to server.

Saving a Copy of Each Chat

A hot topic these days is cyber-bullying in schools. One weapon used to combat cyber-bullying is to keep a transcript of conversations between students. Each iChat client can be configured to keep transcripts of conversations; however, this is not centrally managed, and when users sit at multiple computers, it can be cumbersome to track down transcripts of specific sessions. Additionally, transcripts kept on the client can be deleted.

iChat Server keeps chat transcripts between users centrally. This allows you to keep a log of all instant messages. These are then indexed by Spotlight and can easily be searched for offensive terms or for specific chat transcripts, and then copied or printed.

To enable centralized archival of instant messaging transcripts in iChat Server, open the Server application. Then, click on the iChat entry in Server’s SERVICES section of the sidebar. Check the “Archive all chat messages” box. Messages are then stored in /Library/Server/iChat/Data/message_archives.
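Because the archive holds every private conversation in one place, it is worth checking who can read it as well as searching it. The script below is an added example, not part of the book: the function names are hypothetical, it assumes the archive files are plain text, and with no argument it runs against a small constructed sample rather than the real directory.

```shell
#!/bin/sh
# Added example (not from the book): audit the central iChat transcript archive.
# Assumption: archive files are plain text that grep can read.
ARCHIVE_DIR=${ARCHIVE_DIR:-/Library/Server/iChat/Data/message_archives}

# Print files and directories under $1 that "other" users can read.
# Transcripts hold private conversations, so this list should be empty.
loose_perms() {
    find "$1" \( -type f -o -type d \) -perm -004 -print 2>/dev/null | sort
}

# For each term in file $2 (one per line), print "term<TAB>file<TAB>lines"
# for every archive file under $1 with at least one matching line.
# Matching is case-insensitive and literal (no regular expressions).
search_terms() {
    while IFS= read -r term || [ -n "$term" ]; do
        [ -n "$term" ] || continue
        grep -rciF -- "$term" "$1" 2>/dev/null | while IFS= read -r line; do
            hits=${line##*:}                # grep -c prints path:count
            if [ "$hits" -gt 0 ]; then
                printf '%s\t%s\t%s\n' "$term" "${line%:*}" "$hits"
            fi
        done
    done < "$2"
    return 0
}

# Build a constructed sample (two fake transcripts, one terms file); print its path.
make_sample() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/ichat.XXXXXX") || return 1
    mkdir "$d/archive" && chmod 700 "$d/archive"
    printf 'alice: you are a LOSER\nbob: stop it\nalice: loser!\n' > "$d/archive/room1.log"
    printf 'carol: homework is due friday\n' > "$d/archive/room2.log"
    chmod 644 "$d/archive/room1.log"        # deliberately too open
    chmod 600 "$d/archive/room2.log"
    printf 'loser\nstupid\n' > "$d/terms.txt"
    printf '%s\n' "$d"
}

# With a terms file as argument, audit the real archive; otherwise run the demo.
if [ $# -ge 1 ]; then
    loose_perms "$ARCHIVE_DIR"
    search_terms "$ARCHIVE_DIR" "$1"
else
    s=$(make_sample)
    loose_perms "$s/archive"
    search_terms "$s/archive" "$s/terms.txt"
    rm -rf "$s"
fi
```

On the server, run it with enough privilege to read the archive and pass a terms file as the only argument; the count in the last column is matching lines, not individual occurrences.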

Setting Up the Clients

Jabber is the backend service that Lion Server uses for iChat Server. The iChat client works with AOL Instant Messenger, MSN, and Jabber. When configured, the service connects users to one another, allowing for instant messaging, video conferencing, and audio chats.

To set up a client in OS X to connect to a Jabber service, use iChat, located in /Applications. Once open, click on the iChat menu and then click on Preferences…. Click on Accounts at the Preferences screen and then click on the plus sign (“+”) to create a new account. At the Account Setup wizard, select Jabber in the Account Type drop-down menu. Then provide the username and password entered in the Users section of the Server application. Click on the disclosure triangle for Server Options to bring up the fields to provide a server address and port. The address should be the name or IP address of the server and the port should, by default, be 5222 unless you check the Use SSL checkbox, in which case it is 5223 (and the server’s certificate may need to be accepted).

Figure 4-9 shows the settings for a user called hariseldon on a server called on port 5223. You can change the ports that iChat Server uses using the serveradmin command. For example, use the following command to change iChat to use port 5000:

serveradmin settings jabber:jabberdClientTLS = 5000

Once iChat has been configured, each user will need to be added. There are ways to automatically populate the list of users that are available to iChat Server using the jabber_autobuddy command in the Terminal. For more information on doing so, see

Figure 4-9. Setting up iChat for iChat Server
