Introduced in 2005, the Kanaka Plug-in simplifies authentication to eDirectory along with access to a user’s network home directory and collaborative storage through a single password login process. The Kanaka Plug-in requires users to enter valid eDirectory credentials via the Mac OS X login window in order to log in and gain access to the desktop and any storage resources that are made available to them.
Figure 2-2 The Kanaka Plug-In Authenticates via the Mac OS X Login Window
NOTE:The technology in Novell Kanaka for Mac was developed with the encouragement and on-site engineering support from the Apple Directory Services Engineering group. Apple recommends the product as a preferred solution for Mac integration with Novell eDirectory.
As an identity-based product, Kanaka utilizes Novell eDirectory to view network user and collaborative storage attributes that pertain to a user and then mounts the storage resources accordingly.
Figure 2-3 Mac OS X Finder
The screen shot above shows the Mac OS X Finder displaying a user’s network storage resources. Novell Kanaka for Mac can be configured so that these storage resources are mounted on the Mac OS X desktop or as shortcuts in the Dock.
Novell Kanaka for Mac brings together native Mac OS X technology, standard eDirectory authentication, and Novell’s Native File Access connectivity. Kanaka communicates with Novell eDirectory to perform contextless user authentication and retrieve identity information in order to automatically mount both user home directories and collaborative storage resources located on Novell file servers via Novell’s Native File Access protocols.
Native File Access allows OS X systems to connect to Novell servers through AFP or CIFS/SMB (Common Internet File System/Server Message Block) protocols. Novell Kanaka for Mac also leverages Novell NetStorage by providing the ability to automatically mount storage resources defined by Storage Location Objects.
While logging in to Mac OS X, the user is simultaneously authenticated to eDirectory through a Novell Simple or Universal password. From eDirectory, Novell Kanaka for Mac then retrieves identity information specific to the user including the home directory, Novell login script, and collaborative storage attributes.
Upon retrieving these attributes, the Kanaka Plug-in converts them from their native format into a URL format that is needed by Mac OS X to mount the storage resource. Depending on the configuration, the URL format can be AFP or CIFS/SMB.
The process for mounting collaborative storage resources, as well as eDirectory Storage Location Objects, is the same as the process for mounting user home directories.
IMPORTANT:When authenticating using the Kanaka Plug-In, the Mac workstation must not contain a local user account with the same name as the network account. If Mobility is enabled, a local “Mobile” account will be created.
The Kanaka Plug-in leverages Apple’s Mobile Account feature. Mobile accounts combine the ease of management in network accounts with the performance and portability of local home directories. The concept is that the user account information is stored in a network directory service. At login, it is cloned to the local directory on a client system. You have the option of cloning network home directory contents to the local system and the flexibility to configure the mirroring of your work so that your network home directory and your local home directory always contain the same data.
When a user logs into a Mac, based on its configuration, the Kanaka Engine indicates if the user is to be a network account or a mobile account. If mobile accounts are enabled, Mac OS X creates a mobile account for the user if one doesn’t already exist. If a mobile account does exist, Mac OS X updates its locally cached information for the user and the login proceeds. In both cases the user’s network home directory and collaborative storage resources are mounted.
Mobile Accounts provide several benefits:
Less network traffic than traditional network accounts. Reading and writing from the user’s network home directory can be minimized.
User’s network home directory quotas can be smaller. ~/Library is not stored in the network home directory.
If the network is down or the laptop is not on the corporate network, users can still log in to their local accounts with their eDirectory usernames and passwords.
Apple provides a synchronization service for users to sync their local home directories with their network home directories and vice versa.
Users who authenticate to eDirectory via the Kanaka Plug-in can use the Kanaka Plug-in Console to view and minimally manage their identity within eDirectory. Kanaka Plug-in Console options let users view select user account information, monitor the quota for their network user and collaborative storage space, and change their eDirectory passwords.
Figure 2-4 Identity Information Displayed in the Kanaka Plug-In Console
Clicking Identity displays eDirectory identity information, including the user’s FDN (fully distinguished name).
The Kanaka Plug-in Console lists all mounted network storage resources for the user along with storage quota data.
Figure 2-5 eDirectory Password Management through the Kanaka Plug‐in Console
The Kanaka Plug-in Console also lets users change their eDirectory passwords natively through the OS X platform.