The Mac Observer

Skip navigational links

Choose text size: Select small text. Select medium text. Select large text.

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Tips for Securing Apple's Open Directory

Tips for Securing Apple's Open Directory

by , 12:30 PM EDT, August 31st, 2007

Apple's Open Directory for Mac OS X Server is a powerful, capable directory services system that uses open standards like Open LDAP and Kerberos. Despite its capabilities, there are still some methods to secure it over and above the default settings, according to Ryan Faas at Computerworld on Friday.

Mr. Fass, who has written an informative series on Apple's Open Directory system, noted, "For administrators, employing a robust directory services application that supports all their clients is only part of the equation. Directory servers manage user authentication and maintain significant amounts of information about users, groups, servers, workstations and network configurations. This makes securing directory servers a paramount concern for any network admin."

Some of the things that were noted include:

  1. Use open Directory not crypt passwords.
  2. Rely on Kerberos at every opportunity
  3. Disable unused authentication mechanisms
  4. Require SSL for all communication
  5. Use Trusted Binding introduced in Mac OS X 10.4
  6. Secure relevant ports via firewall

Mr. Faas reminded administrators that frequent inspection of the Password Service Server log will reveal failed login attempts and is worthy of attention.

The article, one more in a notable series of articles by the Mr. Fass, is a good refresher for Apple network administrators to make sure they've taken all possible measures to secure their Apple network and do it correctly.

Observer Comments

Show: Subjects Only | Full Comments
Comment on this Article


Guest Posts Visible. Hide Them.
Back to top  Page 1 of 1    

Comments are currently closed. Please email the author instead.


Recent Headlines - Updated February 12th

Sat, 4:11 PM
MacOS KenDensed - MacOS KenDensed: iPad 3 Frenzy, Big-time Apple & Steve Jobs, G-Man
Fri, 8:10 PM
News - Apple Sues Motorola Mobility in California Over German Case
7:54 PM
Free on iTunes - OnLive Desktop: Windows & Office on Your iPad
7:43 PM
Product News - Apple Rolls Out MacBook Air Configurations for Education
6:35 PM
Just a Peek - Battle Pocket Bulge With The Hint for iPhone
6:01 PM
Rumor - Apple Reportedly Bringing MacBook Air Styling to Pro Line
4:50 PM
Particle Debris - The Hidden Gotchas of Browser Security
3:56 PM
Apple Stock Watch - Analyst: Paying a Dividend Makes Sense for Apple
2:58 PM
Deal Brothers - iMac 27-inch 2.93GHz Intel Quad-Core i7 processor:  $1,999
2:45 PM
In-Depth Review - Theodolite App for iOS is Breathtaking
12:52 PM
Apple Stock Watch - Mizuho Securities Starts Apple Coverage with $635 Target
11:35 AM
Hot Forum Topic - Forum Poll: Are You Planning on Buying a New iPad?

The Mac Observer Reader Specials

  • TypeStyler 11 is now in the Mac App Store!! -- Special Introductory Price of $59.95!! -- To Buy From The Mac App Store Click Here Now!! Or buy direct from Strider Software.
  • Mac RAM Upgrades: MacBook Pro 16GB kits $475, 8GB Kits for $119.99! iMac 16GB RAM Kits (4x 4GB) for $229.99! Mac Pro Memory 32GB Kit for $399.99, 64GB Kit for $889.99! Mac Hard Drives 2TB Seagate SATA II for $249.99! Click Here!
  • Poker Mac If you're using a Mac, then you've gotta check out Online Poker Mac. This mac poker and online casino mac site actually does the unthinkable, it actually rewards!
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!