Jaguar Jumping Everywhere: Interoperate with Mac, UNIX, and Win32
Whether you're running Macintosh, UNIX, or Windows machines, Apple's upcoming Jaguar release is worth a good, long look. For Mac managers, Jaguar (MacOS 10.2) will bring new LDAP-enabled GUI management tools. UNIX administrators will get a new command line interface (CLI). They should also find it easier to port their applications to Darwin, Apple's implementation of the FreeBSD OS. Windows will gain greater Mac integration through Kerberos, PPTP, and expanded file/print sharing support. And these are only a few examples of OS X's increasing crossplatform functionality.
As OS X enters its third iteration, though, its features stand at varying levels of strength and maturity. Jaguar, a release slated to ship on August 24, will introduce Apple's first LDAP directory, plus Workgroup Manager and other new management offerings. Workgroup Manager will be able to work with any vendor's LDAP directory - even, to some degree, Microsoft's Active Directory, says Tom Goguen, director, server software, in Apple's Worldwide Product Marketing.
For businesses and higher ed, Workgroup Manager's support for multivendor directories is "huge," according to Goguen. "Lots of them already have LDAP deployed. We'll just work with what they have."
Also in Jaguar, Apple will roll out first-time support for Common UNIX Print System (CUPS), for print sharing. OS X already supported UNIX file sharing through NFS. Meanwhile, Jaguar will increase Apple's current support for Windows file and print sharing via SMB-based Samba.
Some older OS X features could still use improvement, though, including MacOS's built-in print, mail, and IPFW firewall capabilities, according to administrators and consultants familiar with Jaguar. Apple, however, is about to give IPFW an easier-to-use interface, according to Thomas Weyer, a senior engineer at Apple focusing on xServer, Mac OS X Server, and networking.
"Some features in Jaguar are more robust than others," observes Schoun P. Regan, CEO of The Mac Trainers. "What can we say about the print service, except that it needs work?" he asks.
"If you're supporting 50 users, you're probably okay (with the built-in mail server) - but if you're supporting 500 users, I'd try something else," Regan says.
Also for UNIX administrators, Jaguar marks the debut of Apple's Terminal Manager CLI. "Still, OSX isn't your grandfather's UNIX," points out Leonard Rosenthol, chief technology officer with PDF Sages, Inc.
Here, below, is a more detailed rundown of the standout features in the next release of MacOS, divided into three categories of interest: Mac administrators, Windows integration, and UNIX managers. Some of these features are brand new in Jaguar, a product release announced at the recent MacWorld show. Other features mentioned here are holdovers from previous OS X releases, usually with new enhancements. We'll wrap up with a discussion of a couple of features that AREN'T in Jaguar.
What's In Jaguar For Mac Administrators?
Firewall - OS X's built-in IPFW firewall is "full-featured," maintains Dr. Steven M. Erde, director, Office of Academic Computing, at Cornell University. Erde also notes, though, that up to now, many Mac managers have used a software product from BrickHouse in order to gain a GUI for IPFW configuration. Some have turned to software or hardware firewalls from other third-party vendors to get additional capabilties.
In Jaguar, however, IPFW will get a rules-based interface, according to Apple's Weyer. "The firewall will come with many preconfigured rules," Weyer says. Administrators will also be able to set rules that can lock out users by protocol, as well as "port-by-port, by range of ports, or by series of ports."
Mail Server - OS X's mail services include POP and IMAP, with SMTP agent sendmail at its core. Other capabilities include junk mail filtering; automatic mail deletion; mail notification; DNS mail caching; and mail exchange lookup, for instance.
"All mail is stored in a central database," Regan says. On the other hand, "the mail server logs do not show actual mail errors that may result from misconfiguration." Other administrators have complained about the mail server's virtual memory limitations.
Rendezvous - Apple is giving the "Rendezvous" brand name to its own implementation of Zero Configuration, a new IP-based technology for automatically locating and connecting to available peripherals and computers on the local network.
Apple and other members of an IETF working group are proposing Zeroconf as a new industry standard. "Zeroconf means making it possible to take two laptop computers, and connect them with a crossover Ethernet cable, and have them communicate usefully using IP, without needing (an administrator) to set it all up for you. We're not limiting the network to just two hosts, but we want to take that as the starting point," according to a document posted on the IETF Web site.
LDAP Directory - Jaguar includes LDAP 3.0, as opposed to the LDAP 2.0 supported in OS 10.1 (previously codenamed Python), Goguen says. OS 10.1, moreover, used LDAP solely in its mail server and address books.
Jaguar's new LDAP directory will come with a built-in SASL password server for authenticating Mac, Windows and FTP clients. Jaguar administrators will also be able to use Apple's NetInfo directory services. NetInfo, however, might not be around much longer. "Next year, it'll be LDAP, LDAP, and more LDAP," according to Regan.
Workgroup Manager - Apple's new LDAP-based replacement for Macintosh Manager enables management of users, groups, and computers. Administrators can set preferences for system configurations; applications; login; docking; printers; and more.
"For easier management, I might decide not to let end users mess with the network settings, for instance. As a network manager, you don't want to have users inadvertently change what you've done," Goguen elaborates.
Still, Workgroup Manager reflects a bit of the rigidity of Jaguar's underlying UNIX OS, Regan suggests. "This isn't Windows 2000. You can't configure groups within groups," he illustrates.
Remote installation and management - Jaguar will come with NetInstall, for automatic software distribution to network clients, and NetBoot. NetBoot is a new utility for storing workgroup desktop configurations in a single disk image on either a Max OS X or NFS server.
"NetBoot is a great thing for network managers, because administrators want the least possible maintenance. When users log on to the server, the system is configured just the way the administrator has set it up," Goguen maintains.
Server Setup and Server Monitor. Other new point-and-click tools in Jaguar include Server Setup and Server Monitor. Server Monitor will only be available on a bundled basis with Apple's xServer hardware, according to Goguen.
Multiplatform Web authoring - For administrators, MacOS will now support the Ruby object-oriented programming language, as well as both Java 2 and Web-based service protocols SOAP and XML-RPC. Support will also continue for Perl; UNIX scripts; AppleScript CGIs; PHP; and MySQL. In Jaguar, end users will gain the ability to author server-based Web pages through Webdav.
What's In Jaguar For Windows Integration?
Active Directory Integration - Goguen points to certain levels of integration between Apple's LDAP Directory and Microsoft's Active Directory.
"We can't manage a new user in Active Directory, but we can manage an existing user. It takes a couple of extra steps to get there, but administrators using Active Directory on Windows can manage Macintosh work groups from within Windows. We'd like to integrate with Active Directory even more," he says.
Kerberos - Apple's newly added implementation of Kerberos encryption is a port from Windows, according to Weyer.
PPTP - On the other hand, Apple's new PPTP implementation, also debuting in Jaguar, is not a port. "Apple created its own PPTP implementation," Goguen says. Microsoft's particular implementation of PPTP, though, has drawn criticism for security holes which allegedly let attackers sniff passwords, break encryption schemes, and launch denial of service attacks. As an alternative VPN security mechanism, Apple's Jaguar also includes IPsec, a protocol much more prevalent industry-wide.
WINS - OS X has included WINS since 10.1, according to Goguen. "WINS, though, is a disaster waiting to happen. I can see why Microsoft has been withdrawing its support from WINS," Regan says. In Internet newsgroups, users have lamented WINS woes ranging from "database entries that make no sense" to Samba integration glitches.
Print sharing through SMB - Before the advent of Mac OSX, Mac users needed to run a third-party application called DAVE to get their machines to speak SMB.
Jaguar will contain fuller support for Microsoft's SMB/CIFS protocols implemented earlier in OS X. Beyond the server support introduced in Python, Jaguar adds SMB client support, Goguen says.
Windows users will be able to print transparently through their native protocols, without installing additional software. Mac users will be able to use either OS X's Print Center or OS 9's Desktop Printer Utility.
For their part, administrators can set up multiple print queues to PostScript printers over either TCP/IP, AppleTalk or USB; assign unique job settings, priority, and sharing options to each print queue; and stipulate disk storage quotas per user.
File sharing - Apple has now integrated Samba with Jaguar's LDAP Directory for password-based user authentication. As a result, a separate database won't be needed for Windows systems. Through the LDAP Directory's built-in password server, users will be able to access their network files from both Windows and Macs without changing their user names or passwords.
On Windows clients, users will be able to view OS X servers and browse for files. The shared file streams hosted on OS X will appear in Windows' Network Neighborhood, Goguen says.
What's In Jaguar For UNIX Managers?
Easier portability of UNIX apps - Apple is adding several new features in the interests of easier portability for UNIX apps. The POSIX API has been enhanced with thread signaling and I/O (pthread_kill, pthread_cancel, pread, and pwrite). Solaris and Linux administrators will now be able to get SysV IPC and semaphores, such as "ftok," from a single compatibility library, for instance.
Still, though, porting a UNIX app to MacOS often involves more than a simple recompile, according to Rosenthol. "It's not one of the other flavors of Linux, so you can's just go pull down Linux or Solaris binaries. RPMs and debs are out. So what do you get? Tarballs," he says, referring to the UNIX-standard compressed archives.
Apple uses its own native package format for Mac OS X. GNU-Darwin and Fink packaging can also work, according to Rosenthol. Before installing the package, you need to build the software using the traditional UNIX 'make' application. First, though, you need to be sure the app is configured for the new operating environment. Some programs don't have the necessary checks to configure themselves for Mac OS X. In those situations, Rostenthol recommends copying helper files such as config.guess.
Terminal Manager - Jaguar's new Terminal Manager will get UNIX administrators to the command line. "We're including a CLI because that's what UNIX users want," Goguen says..
"MacOS X is based on UNIX and features a (nearly) complete POSIX subsystem. Since I rely heavily on UNIX commands and Emacs, and since I would have to do all these things manually in XP, MacOS X beats XP for me," concurs one administrator, in a newsgroup posting.
"UNIX administrators usually have a favorite command shell," Goguen adds. "Terminal Manager supports a number of them through the Darwin Project. We also ship the necessary 'make' and compile tools."
Printer sharing through CUPS - CUPS was developed by Easy Software Products as a portable printing layer for UNIX OS. The system uses Internet Printing Protocol as the basis for managing print jobs and queues. PostScript Printer Description (PPD)-based printing options are available, as well. CUPS also supports several other protocols at "reduced functionality," including SMB, line printer daemon (LPD) server, and AppSocket, according to EasySoft officials.
File sharing through NFS - In Jaguar, Apple will augment NFS file sharing with a default setting in the FTP server that prohibits anonymous users from either changing file permissions or deleting, renaming, overwriting or uploading files.
What ISN'T In Jaguar?
A Microsoft Exchange client - At this point, neither Apple nor Microsoft is providing a Microsoft Exchange client for MacOS.
"MacOS users can now use IMAP to read e-mail from Exchange. This is not a 100 percent solution, though," Goguen acknowledges.
Also at MacWorld, Microsoft introduced Remote Desktop Connection, free software designed to let Mac users access data stored on Exchange and other Windows servers.
"No Exchange client is planned by Apple. Microsoft has been looking at that, but I don't know what their plans are," Weyer says. "Microsoft's Exchange implementation is 'proprietary.' If you want it, you'll have to get it from Microsoft."
An X Window interface -- "Yes, It's true. Mac OS X doesn't include an implementation of X Window!" Rosenthol observes.
Apple, in fact, has no plans to put X Window in MacOS, according to Goguen. "This is primarily because we have such a great graphics engine. That's where we really shine."
It's now possible, though, to run X Window on MacOS with the use of either XDarwin, a Cocoa application, or XFree 4.1, according to Rosenthol. Third- party commercial software is also available for this purpose, Goguen says.
Many graphical UNIX applications, though, can be run without X Window in command line mode, according to Goguen. "The graphical part is separate from the actual application." Apple, he notes, produces a Cocoa product called Interface Builder that lets users create their own Macintosh graphics for applications.