Setting Up Authentication Manager – Apple Mac OS X Server (version 10.2.3 or later) User Manual, page 618
Chapter 17
6. In the Terminal application, change the access privileges to the passphrase file so only root can read and write to this file.
   Do this by typing the following two commands, pressing Return after each one:
       cd /private/var/root/Library/Keychains/
       chmod 600 certkc.pass
   The mail service of Mac OS X Server 10.2 can now use SSL for secure IMAP connections.
7. Log out as root.
Note: If mail service is running, you need to stop it and start it again to make it recognize
the new certificate keychain.
Setting Up SSL for Mail Service on a Headless Server
If you want to set up SSL for mail service on a server that doesn’t have a display, first follow
the instructions in the four sections above, namely:
Generating a CSR and Creating a Keychain (p. 614)
Obtaining an SSL Certificate (p. 616)
Importing an SSL Certificate Into the Keychain (p. 617)
Creating a Passphrase File (p. 617)
Then copy the keychain file “certkc” and the keychain passphrase file “certkc.pass” to the
root keychain folder on the headless server. The path on the headless server is
/private/var/root/Library/Keychains/.
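Added example (not part of the original manual): a POSIX shell check for the result of step 6 and of the headless-server copy above, confirming that certkc.pass is a regular file with mode 600 owned by root and that certkc is present. The function names and the optional expected-UID argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the passphrase file after step 6 or after copying it.
# check_secret_file PATH [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
check_secret_file() {
    path=$1
    want_uid=${2:-0}
    # Reject symlinks and anything that is not a regular file.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL $path: missing, a symlink, or not a regular file"
        return 1
    fi
    # ls -ln prints the mode string (field 1) and numeric owner (field 3).
    info=$(ls -ln "$path" | awk 'NR == 1 { print $1 " " $3 }')
    mode=${info% *}
    uid=${info#* }
    rc=0
    case $mode in
        -rw-------*) ;;   # trailing ACL/xattr markers such as + or @ allowed
        *) echo "FAIL $path: mode is $mode, expected -rw------- (chmod 600)"
           rc=1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $path: owner uid is $uid, expected $want_uid"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK   $path"; fi
    return "$rc"
}

# audit_keychain_dir DIR [EXPECTED_UID]: certkc must exist, certkc.pass must
# pass check_secret_file.
audit_keychain_dir() {
    dir=$1
    status=0
    if [ ! -f "$dir/certkc" ]; then
        echo "FAIL $dir/certkc: keychain file not found"
        status=1
    fi
    check_secret_file "$dir/certkc.pass" "${2:-0}" || status=1
    return "$status"
}

# Usage on the server, as root:
#   audit_keychain_dir /private/var/root/Library/Keychains
```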
Setting Up Authentication Manager
Storing and validating user passwords for login and other network services that require
authentication is usually best done with a Password Server. However, you may have reasons
for wanting to use the basic password validation strategy instead. If you wish to use the basic
password strategy and allow Windows and SMB clients to access the Windows services of
Mac OS X Server, you can enable the Authentication Manager from the command line in the
Terminal application. For the pros and cons of password validation strategies, see
“Contrasting Password Validation Options” on page 195 in Chapter 3, “Users and Groups.”
To set up Authentication Manager:
1. Log in to the server as an administrator of the server.
2. Start the Terminal application, located in /Applications/Utilities.
3. Enter the following command line, where “local” is the NetInfo tag for the local domain:
       sudo tim -init -auto local
LL0395.Book Page 618 Wednesday, November 20, 2002 11:44 AM