Dog of Three Heads

Between September 2005 and July 2011 I was a regular contributor to MacFormat in the UK.

Whereas I’m posting the published articles for my MacWarehouse writing, with the MacFormat ones I’ve decided to post the text as submitted, including any comments that I included for design. I am, however, allowing myself a few small edits for clarity.

The particular one is the original version of my sixteenth column, written in November 2006, which was discarded as being too business related for the typical MacFormat reader. This is presented purely as a historical record as much, if not all, of the information contained in it may well have changed in the meantime.


Dog of Three Heads

In Greek mythology Kerberos, also known as Cerberus, was the hound of Hades who guarded the gates and ensured that the dead could not leave and the living could not enter.

In computer terms Kerberos is a protocol that allows users to prove their identity on a network in a secure manner without ever having to send their password over the network. This means that even if your log-on is intercepted by a third party they cannot pretend to be you.

That’s all well and good in the insecure world of the Internet but what benefit can Kerberos have to a network of Macs that might not even be connected to the Internet? Kerberos is also the foundation of something called Single Sign-on in OS X Server and also in Microsoft’s Active Directory.

With Single Sign-on you only need to enter your password once and then you have access to all of the network resources that you are allowed to access. Instead of having to remember different passwords for each server that you access you are simply granted access straight away. Now if you were thinking that this sounds a bit like the Keychain you would be right, to an extent. With Keychain you still have all the different user names and passwords but you have a master password that unlocks them all. With Single Sign-on you have just the one user name and password so that when you change your password for one server you change it for all of those that are in the Kerberos realm.

So how do we go about setting up Single Sign-on? Kerberos is one of those bits of OS X Server that don’t get a lot of publicity but really deserve to. One of the issues with OS X Server giving you so much in the box, as opposed to Windows Server 2003 for example, is that few people really do more than scratch the surface of what it is capable of. In the Windows world you buy Windows Server, which is the bedrock, and then on that you build the server that you want by buying the bits that you want such as a mail server, a database, collaboration and messaging tools or system management. With OS X you get all of that in the box at no extra charge. If you don’t pay for something then subconsciously you don’t perceive it as having any value and so you don’t go looking for ways to use it. If you have paid good money for an extra feature then you make darned sure that you use it.

If you have OS X Server you have all of the tools necessary to set up Kerberos but first you need to configure a good few other things that come in the box. You need to have a working DNS on your network, you probably ought to have Open Directory set up as well, and you definitely need to ensure that all of your Macs have the same date and time, usually by making sure that they have access to the same time server.
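The two points made above, that the password never crosses the network and that every machine must agree on the time, can be seen in a simplified model of the Kerberos exchange. This is an added example, not part of the original column: the cipher is a toy construction built from HMAC-SHA256, the ticket that normally carries the session key to the service is left out, and the realm, user name and password are made up.

```python
import hashlib, hmac, os, struct

MAX_SKEW = 300  # seconds; the common Kerberos default clock-skew tolerance

def derive_key(password, salt):
    # Client and KDC each derive the long-term key; the password never travels.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (n + 31) // 32
    return b"".join(_sub(key, nonce + struct.pack(">I", i)) for i in range(blocks))[:n]

def seal(key, plaintext):
    # Toy encrypt-then-MAC standing in for a real Kerberos encryption type.
    nonce = os.urandom(16)
    pad = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, pad))
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered message")
    pad = _stream(_sub(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, pad))

def kdc_reply(kdc_keys, user):
    # KDC: fresh session key, sealed under the key derived from the user's password.
    session_key = os.urandom(32)
    return seal(kdc_keys[user], session_key), session_key

def authenticator(session_key, user, now):
    # Client proves it holds the session key and states its own clock.
    return seal(session_key, struct.pack(">Q", int(now)) + user.encode())

def service_accepts(session_key, blob, service_now):
    stamp = struct.unpack(">Q", unseal(session_key, blob)[:8])[0]
    return abs(service_now - stamp) <= MAX_SKEW

# Constructed sample data: realm, user and password are made up.
SALT = "EXAMPLE.LANalice"
KDC_KEYS = {"alice": derive_key("correct horse", SALT)}

if __name__ == "__main__":
    reply, sk = kdc_reply(KDC_KEYS, "alice")
    print(unseal(derive_key("correct horse", SALT), reply) == sk)
    print(service_accepts(sk, authenticator(sk, "alice", 1000), 1000 + 600))
```

Only someone who can re-derive the key from the password can open the KDC's reply, and a client whose clock is ten minutes out is refused even with the right key, which is why a shared time server is a hard requirement.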

If you are thinking that all of that sounds horribly complicated you would be right, a lot of it is but there are great benefits to having a proper network rather than just a bunch of computers that are connected together. As Mac users we are used to managing our own systems, treating each of them as a separate entity rather than as part of the whole network. In the Windows world it is the opposite. On a Windows network you almost always have systems that are managed centrally and consistently, and you can connect to any server that you have the right to access straight away without having to retype passwords etc. Your Mac becomes a much more powerful tool when it is part of a managed network. As well as having Single Sign-on you can hot desk, logging on to any computer on the network that you are authorised to access and getting your desktop and documents presented to you as if you were on the same computer that you always use. If you have a fault and need to replace your computer you don’t have to worry about copying all of your data over as it is held on the network, all your preferences and even your desktop picture.

If you have a Mac running OS X Server look into all of the other things that it can do besides just being a simple file server. If you have more than one server you absolutely need to look at tying them together to make life easier for your users.

The Tower of Babble

Between September 2005 and July 2011 I was a regular contributor to MacFormat in the UK.

Whereas I’m posting the published articles for my MacWarehouse writing, with the MacFormat ones I’ve decided to post the text as submitted, including any comments that I included for design. I am, however, allowing myself a few small edits for clarity.

The particular one is my fifteenth column, written in November 2006. This is presented purely as a historical record as much, if not all, of the information contained in it may well have changed in the meantime.

“much, if not all, of the information contained in it may well have changed in the meantime” – something that I say with every one of these archive posts but this one seems to have dated a lot more than some of the others.

When this was written Facebook had only been open for public access for about a month and, today, I would venture that Facebook’s Messenger & WhatsApp, plus iMessage and WeChat account for the majority of the messaging in use on the internet today; though most of it isn’t the sort of real-time chatting that was in my mind when I wrote this. None of those services existed at the time of writing.


The Tower of Babble


Babble – noun – the sound of people talking quickly and in a way that is impossible to understand.

For a Mac user wanting to use instant messaging there is a wide variety of, often confusing, choices. Things get even worse if you want to do more than basic IM and include things like video chat or making phone calls with your IM client.

OS X comes with iChat so it is probably the default option for most Mac users. iChat supports both AOL’s Oscar protocol and the open source Jabber protocol. As such, if you use iChat you can chat with users of AOL Instant Messenger and ICQ, both of which support Oscar, and Google Talk, which uses Jabber. If you want to do video chat you are restricted to other iChat users or AIM users who run Windows XP. There is a hack that leverages Jabber to allow you to chat with Yahoo Instant Messenger or Microsoft MSN users; if you are interested, have a look at (now a dead link).

MSN has long been a sandbox and would only talk to other users of MSN. Regulatory pressure is changing that and the latest version for the Mac, now known as Microsoft Messenger, will communicate with Yahoo and, if you have a Microsoft Live Communications Server, will also talk to AIM. If you want to use Microsoft Messenger for video chat you will have to stick to Windows if you use the official client, as Microsoft don’t support it on the Mac. Alternatively, an open source project called Mercury ( http://www.mercury.to ) is working on creating a Mac client that can do video chat but it is still in beta and the chat has to be started by a Windows user.

Yahoo Instant Messenger used to only talk to other YIM users but can now also talk to Microsoft Messenger. One of the main reasons to use YIM is that you can do video chat between Macs and PCs quite easily and if this is the main thing that you want a chat client for then it is a good choice. Apart from that there isn’t a great deal to differentiate it from any other IM service.

AOL offers two IM clients, AOL Instant Messenger and ICQ. These were originally from two separate companies but AOL bought Mirabilis, ICQ’s developer, in 1998. For much of the past 8 years they have operated as essentially two separate IM services although they have been able to communicate with each other since 2000. For some time Microsoft tried to get MSN to talk to AIM by writing their own code, independently of AOL, but every time Microsoft released a patch AOL would counter with changes to their servers which blocked MSN. This seems to have subsided for now and as of today both AIM and ICQ can only talk to themselves and iChat. The Mac clients for AOL or ICQ don’t support video but, as above, AIM users on Windows XP can video chat with iChat.

Google have now released their own IM service called Google Talk but they only produce client software for the PC. This is not too much of an issue for Mac users though as Google use the open source Jabber protocol which is supported by iChat.

Skype is the poster child for VoIP (voice over internet protocol) and is the best choice if you want to be able to either make calls to regular phones or have a phone number that people can contact you on anywhere in the world. Whilst AIM, ICQ, YIM and MSN all support calling out to phones this feature is limited to the Windows version. The latest beta version for the Mac now supports video calling and Skype also works as a standard, text based, IM application but Skype only talks to Skype.

There is no perfect IM application that does everything. It is quite possible that you will need more than one to tick all of your boxes. There are a few third-party applications that will connect to more than one service but these do not support all of their features and none of them support Skype. Have a look at the following: Fire ( http://fire.sourceforge.net ), Adium ( http://www.adiumx.com ) and Proteus (now a dead link), all of which will allow you to chat with people using different services all within the one application.