Hands-on: Using NetInfo domains for single sign-on to many servers
Computerworld
In a series of articles written by Yuval Kossovsky, manager of digital media systems at Hunter College's Department of Film and Media Studies in New York, Computerworld is following the school's integration of new Apple Computer Inc. hardware and software. This is the fifth of those articles, which are intended to offer a hands-on view of integrating Macintosh computers and Apple software in what's largely an Intel and Windows world.
The phrase often used is "single sign-on," and it means relief from keeping a separate password for each server that an end user accesses. The theory goes something like this: In the old days of computing, every server an end user accessed required a new log-on. Since the servers were often managed by different computing groups, the hapless corporate end user ended up with numerous log-ons and passwords. The domain and directory service architecture is supposed to provide relief from this by bringing all of the servers under one roof. A primary server acts as the authorization agent, and all the other servers query it for an OK when a user attempts to access a resource.
The domain model greatly simplifies the lives of both the end user and the administrator.
Fast-forward to the OS X Open Directory model now available. Because Apple endowed its system with the ability to understand many protocols, the domain catalog can be maintained natively in two major formats: NetInfo and Lightweight Directory Access Protocol (LDAP). The server can also work as part of a Microsoft Active Directory domain, but only as a member server -- not as the primary authenticator. For this discussion, we will leave out Active Directory, since the OS X machine will act as the primary server.
To set up single sign-on for all of your servers, first you must set up the primary server.
I used my Xserve for this purpose. To begin, run the Open Directory Assistant, and make the selections as outlined in the accompanying screenshots. First, the server must have a fixed IP (see Figure 1).

On the next screen, choose "provide directory information to other computers" for the primary server and "get directory information from an existing system" for all of the other servers in your domain (see Figure 2). 
Keep in mind that if you have already set up users on the servers, they will be wiped out when you rerun the Open Directory Assistant. Be sure to export your catalog so it can be reimported after the process is finished. Also, if you had previously set up
Macintosh
