Detailed Description:
I have spoken with a variety of personnel inside Novell and Condrey on the subject of Single Sign On, which I know is a pressing issue for future versions of iPrint. This enhancement is a very short restatement of my views, and I wanted to put it in the system since whatever SSO method is chosen will have implications for ZENworks and GroupWise integration down the line.
Proposed Solution:
In general, I support solutions which are either Apple-like, Novell-like, or both. Thus, for SSO functionality in Kanaka, I think the options that are going to have any kind of engineering stability are the following:
1. Some form of Kerberos integration (including using the Local KDC or simply a standard MIT Kerberos on OES that can take eDirectory as a back-end).
2. Using the OS X keychain.
3. CASA for OS X
4. Some sort of NMAS agent.
Having extensively studied Apple's Directory Services frameworks since OS X 10.2 to the present, worked with eDirectory/Netware/OES since Netware 4.x, Kanaka since version 1.0, and both the Classic vintage NCP client for Mac and the Prosoft version, I am pretty sure that anything other than the above is going to lead to layer-upon layer of shimming that will break with every release of OS X and OES until the solution is abandoned.
Please remember the example of the GroupWise client. In using neither established Novell technologies nor OS X-native technologies (i.e. using Java for everything), they have managed to create a client universally reviled by vendor and customers alike.
Value Proposition:
OS X SSO that can be used for all Novell products going forward, with a minimum of tweaking for new versions of the client and server.
by: Johnnie O. | over a year ago | Mac OSX
Comments
I am in 100% agreement of these enhancements.