Kanaka: Single Login Novell eDirectory Access for Mac OS X Users
Written by Buck Gashler
It's a similar scene every year. A large group of BrainShare attendees exit a session covering Mac OS X and Novell eDirectory integration and head straight for the BrainShare Exhibitor Hall looking to talk to anyone from Condrey Corporation about Kanaka. You see, these attendees have just watched one of the few Mac OS X and eDirectory integration experts in the world go through a monotonous multi-step process (See Manual Integration Steps) of integrating these two systems, and as the doubts about their own capability or willingness to go through these steps start to enter their minds, a session attendee or even the instructor himself mentions that "of course, Kanaka will automate almost all of this."
Kanaka for Mac from Condrey Corporation removes the inherent complexity of manually configuring Mac OS X to locate and mount Novell storage resources in eDirectory by automating the integration of the two platforms. The result is the world's only Mac OS X single login access solution to Novell eDirectory storage resources through flexible login options.
Mac and eDirectory Storage Access Problems
When it comes to client access in Novell networks, Mac OS X users have historically been an afterthought. For whatever reasons, traditional client software, whether developed by Novell or a third party, has tended to be nonexistent, out of date, minimalistic in its feature set, or even a published workaround methodology.
For example, Novell has not developed a Novell client for Mac since the late 1990s. Moreover, native access to storage resources on Novell Open Enterprise Server running SUSE Linux Enterprise was not available until support of the Apple Filing Protocol (AFP) was first introduced in the release of Novell Open Enterprise Server 2 Support Pack 1.
Further complicating eDirectory authentication and storage access from Mac OS X is the tedious process involved in mounting network volumes that are distributed across a Novell network. Specifically, a user must enter a user name and password to log in to each network volume he or she wishes to access.
Condrey Corporation set out to correct these problems in 2005 through an engineering initiative with Apple, Inc. Utilizing its expertise in eDirectory identity-based application development, Condrey Corporation worked on-site with the Apple Directory Engineering group to automate the integration of the two platforms. The result was the introduction of the Kanaka Plug-in component, which allowed users to simultaneously log in to Mac OS X and mount Novell storage resources through a single user name and password.
In 2010, Condrey Corporation introduced an additional authentication option: the Kanaka Desktop Client. The Desktop Client allows users to access network storage resources after they have logged in as a local user to Mac OS X.
Since Kanaka's initial release, Apple has recommended and continues to recommend it as a preferred solution for Mac OS X integration with Novell eDirectory.
The Kanaka for Mac Plug-in simplifies authentication to eDirectory along with access to a user's network home directory and collaborative storage through a single password login process. The Kanaka Plug-in requires that users enter valid eDirectory credentials via the Mac OS X login window in order to log in and gain access to the desktop and any storage resources that are made available to them. (See Figure 1.)
- As an identity-based product, Kanaka uses Novell eDirectory to view network user and collaborative storage attributes that pertain to a user and then mounts the storage resources accordingly. (See Figure 2.)
- Kanaka brings together native Mac OS X technology, standard eDirectory authentication, and Novell Native File Access connectivity. Kanaka communicates with eDirectory to perform context-less user authentication and retrieve identity information in order to automatically mount both user home directories and collaborative storage resources located on Novell servers via Novell Native File Access protocols.
Native File Access allows Mac OS X systems to connect to Novell servers using AFP or CIFS/SMB (Common Internet File System/Server Message Block) protocols. Kanaka also leverages Novell NetStorage by providing the ability to automatically mount storage resources defined by Storage Location Objects.
Authentication and Mounting via the Kanaka Plug-In
While logging into Mac OS X, the user is simultaneously authenticated to eDirectory through a Novell Simple or Universal password. From eDirectory, Kanaka then retrieves identity information specific to the user including their home directory and collaborative storage attributes.
Upon retrieving these attributes, the Kanaka Plug-in converts them from their native format into a URL format that is needed by Mac OS X to mount the storage resource. Depending on the Kanaka configuration, the URL format can be AFP or CIFS/SMB.
The process for mounting collaborative storage resources, as well as eDirectory Storage Location Objects, is the same as the process for mounting user home directories.
Kanaka Plug-In, Mac OS X and Mobile Accounts
The Kanaka Plug-in leverages Apple's mobile account feature. Mobile accounts combine the ease of management in network accounts with the performance and portability of local home directories. The concept is that the user account information is stored in a network directory service and at login, cloned to the local directory on a client system. You have the option of cloning network home directory contents to the local system and the flexibility to configure the mirroring of your work so that your network home directory and your local home directory always contain the same data.
When a user logs in to Mac OS X, the Kanaka Engine (hosted on a Novell Open Enterprise Server 2, Windows Server 2008 or Windows 7 workstation) will indicate, based on its configuration, whether the user is to be a network account or a mobile account. If mobile accounts are enabled, Mac OS X will create a mobile account for the user if one doesn't already exist. If one does exist, Mac OS X will update its locally cached information for the user and the login proceeds. In both cases the user's network home directory and collaborative storage resources will be mounted.
Authentication and Storage Mounting via the Kanaka Desktop Client
The Kanaka Desktop Client is the sensible connectivity option for users who require access to network storage resources, but are not required to authenticate to eDirectory each time they log in to their Mac. Users who already have local accounts, for example, might prefer this option because it would not require a process to convert their local account to a network account, which would be the scenario with the Kanaka Plug-in.
Additionally, the Kanaka Desktop Client is ideal for Mac OS X users who are on the go and often connect to the organization's network via VPN. Kanaka allows you to first log in to your organization's VPN and then use the Kanaka Desktop Client to access your network storage.
The process for authenticating to eDirectory begins with entering the eDirectory user name and password in the Kanaka Desktop Client. (See Figure 3.)
From there, the process of mounting the user's network home directory and collaborative storage follows the same process as the Kanaka Plug-in.
(See Figure 4.)
Kanaka makes the traditional challenges of Mac OS X authentication and access to Novell networks truly a thing of the past. Through flexible Novell eDirectory authentication methods and single login for access to all network user and collaborative storage resources, Kanaka assures Mac OS X users access to their Novell network storage while eliminating configuration headaches.