Computerworld - In a series of articles written by Yuval Kossovsky, manager of digital media systems at Hunter College's Department of Film and Media Studies in New York, Computerworld is following the school's integration of new Apple Computer Inc. hardware and software. This is the fifth of those articles, which are intended to offer a hands-on view of integrating Macintosh computers and Apple software in what's largely an Intel and Windows world.
The phrase often used is "single sign-on," and it means relief from multiple passwords for each server that an end user accesses. The theory goes something like this: In the old days of computing, every server an end user accessed required a new log-on. Since the servers were often managed by different computing groups, the hapless corporate end user ended up with numerous log-ons and passwords. The domain and directory service architecture is supposed to provide relief for this by bringing all of the servers under one roof. A primary server acts as the authorization agent, and all the other servers query it for an OK when a user attempts to access a resource.
The domain model greatly simplifies the lives of both the end user and the administrator.
Fast-forward to the OSX Open Directory model now available. Because Apple endowed its system with the ability to understand many protocols, the domain catalog can be maintained natively in two major formats: Net Info and Lightweight Directory Access Protocol. The server can also work as part of a Microsoft Active Directory domain, but only as a member server -- not as the primary authenticator. For this discussion, we will leave out Active Directory, since the OSX machine will act as the primary server.
To set up single sign-on for all of your servers, first you must set up the primary server.
I used my X-Serve for this purpose. To begin, run the Open Directory Assistant, and make the selections as outlined in the accompanying screenshots. First, the server must have a fixed IP (see Figure 1).
On the next screen, choose "provide directory information to other computers" for the primary server and "get directory information from an existing system" for all of the other servers in your domain (see Figure 2). 
Keep in mind that if you have already set up users in the servers, they will be wiped out when rerunning the Open Directory Assistant. Be sure to export your catalog so it can be reimported after the process is finished. Also, if you had previously set up
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
