|
Service
|
MacOS Version
|
Software
|
|
telnet
|
OS X, 10.1.2 or later
|
Either install the MIT Kerberos krb5 distribution from the Terminal window (console)
using the Unix directions, or OS 10.2.x
will include MIT's Kerberos distribution (still to be confirmed: server as well as
client?). Check for security patches!
|
|
telnet
|
All pre-OS X 10.1.2 Macs
|
No Kerberos option is available for Kerberos5. No strong
authentication option found.
|
|
https
|
Mac OS X |
Apache is
included in the distribution. We recommend upgrading to the latest version
of Apache and OpenSSL.
Other servers with SSL such as WebStar
Order Thawte SSL/TLS Server Certificates to take advantage
of Penn's bulk-purchase agreements.
|
https
|
MacOS 8.6 and higher |
Other servers with SSLWebStar
Order Thawte SSL/TLS Server Certificates to take advantage
of Penn's bulk-purchase agreements.
|
No other services are required to use strong authentication as per the
Critical Host policy; however, some commonly used Mac services have a
number of options to use strong authentication:
|
Service
|
MacOS Version
|
Software
|
In general |
Mac OS X: 10.1.2 or later
|
Use standard Unix distribution and installation method.
For help with managing Mac users to PennKeys, also see how
Macintosh Manager
helps with Kerberos installations.
Don't let the MIT documentation confuse you: note that
Kerberos for Macintosh 4.0 is only client software. |
ftpd |
MacOS 8.x (8.6 and up)
|
No strong authentication solution found.
Secure FTP Wrapper may be of use if there
is a Java 2 runtime for pre-OS X Macs. |
ftpd |
MacOS X
|
Use standard Unix distribution and installation method.
The MIT documentation may confuse; note that
Kerberos for Macintosh 4.0 is only client software. |
|
pop
|
Pre-OS X
|
Untested: Pine's package apparently supports GSSAPI. See
ftp://ftp.cac.washington.edu/pine/pine.tar.gz Could be
client-only, not server, though.
|
imap |
Pre-OS X
|
Untested: UW's imapd apparently supports GSSAPI. Could be
client-only, not server, though. |
SMTP |
OS X 10.1.3 and up
|
Apple Mail Server with
SMTP AUTH enabled |
kadmin |
OS X
Pre-OS X
|
Not available as part of
Penn's client software. Instead:
Build from MIT source
Upgrade to OS X; then build from MIT source. |
|
FileMaker Pro
|
Any |
No strong authentication method found. The newly-released
Version 6 still needs to be investigated. |
|
Appleshare
|
Appleshare IP 6.3.3 |
Basic information about encryption and encryption with
respect to e-mail |
|
Authentication to Active Directory domains
|
|
Use Microsoft document. |
|
Authentication to non-Active Directory domains, ie., WinNT.
|
OS 8.6 and up |
Use Microsoft document. |
