[Macpartners] Leopard Server setup

[Patrick McNeal]

On Nov 16, 2007, at 11:25 AM, Allan Doyle wrote:

> So at the very least, I'm interested in setting up services that are
> private to those 20 people and that require a minimum of fuss to
> connect to. So Kerberos is probably something I need.
>
> The kinds of things we'd do:
>
>  - shared files (either the Mac OS way or maybe NFS, or maybe even
> SMB so some Windows machines can also take advantage of our server)

It is possible to configure AFP to use kerberos for authentication.   
Once setup, any user with a local account will be able to access your  
server over AFP with a valid TGT.  I'm not sure about NFS or SMB.

>  - internal blog/wiki, etc. - i.e. Apache with authentication that
> uses people's certificates to let them on and keep others out.

I've not seen any Apple documentation that indicates they support this  
out of the box, but since it's just Apache underneath it all, it  
should be possible.  The biggest problem though with changing Apache  
settings is future Apple updates might overwrite your changes.

Ideally, Apple would support single sign-on solutions such as  
touchstone, but I've not heard that they've done any work on that front.

>  - iCal sharing (hopefully short term until MIT's new whizzy calendar
> system rolls out)

I've not played around much with iCal server, but according to the Mac  
OS Server Open Directory Administration guide ( page 50 ), iCal is not  
a kerberized service.  Another problem I see with an iCal Server setup  
is that users wouldn't be able to schedule meetings with people on  
techtime electroncially.

Let me know if you want to explore any of these more, and we'll see  
what we can do.

--Patrick

------------------------------------------------------------------------------
Patrick McNeal
Macintosh Platform Coordinator - Software Release Team
Client Support Services, Information Services and Technology
Massachusetts Institute of Technology
N42-250E
Cambridge, MA 02139
+1 617 253-0196
mcneal at mit.edu