2.4 Kanaka Plug-In

The Kanaka Plug-in simplifies authentication to eDirectory along with access to a user’s network home directory and collaborative storage through a single password login process. The Kanaka Plug-in requires users to enter valid eDirectory credentials via the macOS login window in order to log in and gain access to the desktop and any storage resources that are made available to them.

Figure 2-2 The Kanaka Plug-In Authenticates via the Mac macOS Login Window

As an identity-based product, Micro Focus Kanaka for Mac utilizes eDirectory to view network user and collaborative storage attributes that pertain to a user and then mounts the storage resources accordingly.

Figure 2-3 macOS Finder

The screen shot above shows the Finder displaying a user’s network storage resources. Micro Focus Kanaka for Mac can be configured so that these storage resources are mounted on the macOS desktop or accessed as shortcuts in the Dock.

Micro Focus Kanaka for Mac brings together native macOS technology, standard eDirectory authentication, and Open Enterprise Server’s Native File Access connectivity. Micro Focus Kanaka for Mac communicates with eDirectory to perform contextless user authentication and retrieve identity information in order to automatically mount both user home directories and collaborative storage resources located on servers and other storage resources via Open Enterprise Server’s Native File Access protocols.

Native File Access allows macOS systems to connect to OES servers through AFP or CIFS/SMB (Common Internet File System/Server Message Block) protocols. Micro Focus Kanaka for Mac also leverages NetStorage by providing the ability to automatically mount storage resources defined by Storage Location Objects.

2.4.1 Authentication and Mounting via the Kanaka Plug-In

While logging in to macOS, the user is simultaneously authenticated to eDirectory through a Simple or Universal password. From eDirectory, Micro Focus Kanaka for Mac then retrieves identity information specific to the user including the home directory, login script, and collaborative storage attributes.

Upon retrieving these attributes, the Kanaka Plug-in converts them from their native format into a URL format that is needed by macOS to mount the storage resource. Depending on the configuration, the URL format can be AFP or CIFS/SMB.

The process for mounting collaborative storage resources, as well as eDirectory Storage Location Objects, is the same as the process for mounting user home directories.

IMPORTANT:When authenticating using the Kanaka Plug-In, the macOS workstation must not contain a local user account with the same name as the network account. If Mobility is enabled, a local “Mobile” account will be created.

2.4.2 Kanaka Plug-In, macOS, and Mobile Accounts

The Kanaka Plug-in leverages Apple’s Mobile Account feature. Mobile accounts combine the ease of management in network accounts with the performance and portability of local home directories. The concept is that the user account information is stored in a network directory service. At login, it is cloned to the local directory on a client system.

When a user logs into macOS, based on its configuration, the Kanaka Engine indicates if the user is to be a network account or a mobile account. If mobile accounts are enabled, macOS creates a mobile account for the user if one doesn’t already exist. If a mobile account does exist, macOS updates its locally cached information for the user and the login proceeds. In both cases the user’s network home directory and collaborative storage resources are mounted.

Mobile Accounts provide several benefits:

  • Less network traffic than traditional network accounts. Reading and writing from the user’s network home directory can be minimized.

  • User’s network home directory quotas can be smaller. ~/Library is not stored in the network home directory.

  • If the network is down or the laptop is not on the corporate network, users can still log in to their local accounts with their eDirectory usernames and passwords.

2.4.3 Kanaka Plug-In Console

Users who authenticate to eDirectory via the Kanaka Plug-in can use the Kanaka Plug-in Console to view and minimally manage their identity within eDirectory. Kanaka Plug-in Console options let users view select user account information, monitor the quota for their network user and collaborative storage space, and change their eDirectory passwords.

Figure 2-4 Identity Information Displayed in the Kanaka Plug-In Console

Clicking Identity displays eDirectory identity information, including the user’s FDN (fully distinguished name).

The Kanaka Plug-in Console lists all mounted network storage resources for the user along with storage quota data.

Figure 2-5 eDirectory Password Management through the Kanaka Plug-in Console

The Kanaka Plug-in Console also lets users change their eDirectory passwords natively through the macOS platform.