![]() That means it’s entirely possible for a user’s password counter to hit zero after that user has logged in. Password changes, at least with Mac OS X Server, happen based on the number of seconds since the last password change. But, if you have to institute regular password changes, you run into an odd annoyance. This also highlights a longstanding annoyance I have with KMS: The connection between KMS and our directory users Kerberos, but you can’t connect, as a client, using Kerberos.įor most people, this is only a minor issue, as Single-Signon is not a big factor for many. The disadvantage here is that if something happens to your directory server, your e-mail doesn’t work either. The advantage here is that you don’t have to maintain user passwords in KMS. KMS has a set of Open Directory extensions that you install on your Open Directory Master and any Replicas, and you tell KMS about that directory and tell it to use Kerberos to communicate with the directory server for authenticating users. ![]() Getting KMS to talk to our Open Directory service was fairly simple. It’s not perfect some of the options, like adding port 587 to SMTP services is a little counterintuitive, but in my case, that was more because we wanted it to be more complicated than it was. (Apple, I look at you fixedly here.) The KMS GUI gives you all the tools you need to run your server in a well thought-out, easy to use application. Dealing with them is so much better than either the “We have all the power, but prove you’re worthy” design of some servers or the “Yes, we have a GUI, but really, most of the lower-level stuff is going to require you to work around the GUI tools” of others. One thing I greatly appreciate about KMS over other e-mail servers is that the administration tools are both powerful and easy to use.
0 Comments
Leave a Reply. |