Hands-on: Using Net Info domains for single sign-on to many servers

By Yuval Kossovsky

May 14, 2003 12:00 PM ET

Recommended

(7)

Digg

Twitter

Share/Email

Computerworld - In a series of articles written by Yuval Kossovsky, manager of digital media systems at Hunter College's Department of Film and Media Studies in New York, Computerworld is following the school's integration of new Apple Computer Inc. hardware and software. This is the fifth of those articles, which are intended to offer a hands-on view of integrating Macintosh computers and Apple software in what's largely an Intel and Windows world.
The phrase often used is "single sign-on," and it means relief from multiple passwords for each server that an end user accesses. The theory goes something like this: In the old days of computing, every server an end user accessed required a new log-on. Since the servers were often managed by different computing groups, the hapless corporate end user ended up with numerous log-ons and passwords. The domain and directory service architecture is supposed to provide relief for this by bringing all of the servers under one roof. A primary server acts as the authorization agent, and all the other servers query it for an OK when a user attempts to access a resource.
The domain model greatly simplifies the lives of both the end user and the administrator.
Fast-forward to the OSX Open Directory model now available. Because Apple endowed its system with the ability to understand many protocols, the domain catalog can be maintained natively in two major formats: Net Info and Lightweight Directory Access Protocol. The server can also work as part of a Microsoft Active Directory domain, but only as a member server -- not as the primary authenticator. For this discussion, we will leave out Active Directory, since the OSX machine will act as the primary server.
To set up single sign-on for all of your servers, first you must set up the primary server.
I used my X-Serve for this purpose. To begin, run the Open Directory Assistant, and make the selections as outlined in the accompanying screenshots. First, the server must have a fixed IP (see Figure 1).

On the next screen, choose "provide directory information to other computers" for the primary server and "get directory information from an existing system" for all of the other servers in your domain (see Figure 2).

Keep in mind that if you have already set up users in the servers, they will be wiped out when rerunning the Open Directory Assistant. Be sure to export your catalog so it can be reimported after the process is finished. Also, if you had previously set up

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Macintosh

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.