Whether you’re running Macintosh, UNIX, or Windows machines, Apple’s
upcoming Jaguar release is worth a good, long look. For Mac managers,
Jaguar (MacOS 10.2) will bring new LDAP-enabled GUI management tools.
UNIX administrators will get a new command line interface (CLI). They
should also find it easier to port their applications to Darwin, Apple’s
implementation of the FreeBSD OS. Windows will gain greater Mac
integration through Kerberos, PPTP, and expanded file/print sharing
support. And these are only a few examples of OS X’s increasing
cross-platform functionality.
As OS X enters its third iteration, though, its features stand at
varying levels of strength and maturity. Jaguar, a release slated to
ship on August 24, will introduce Apple’s first LDAP directory, plus
Workgroup Manager and other new management offerings. Workgroup Manager
will be able to work with any vendor’s LDAP directory – even, to some
degree, Microsoft’s Active Directory, says Tom Goguen, director,
server software, in Apple’s Worldwide Product Marketing.
For businesses and higher ed, Workgroup Manager’s support for
multivendor directories is “huge,” according to Goguen. “Lots of them
already have LDAP deployed. We’ll just work with what they have.”
Also in Jaguar, Apple will roll out first-time support for Common UNIX
Print System (CUPS), for print sharing. OS X already supported UNIX file
sharing through NFS. Meanwhile, Jaguar will increase Apple’s current
support for Windows file and print sharing via SMB-based Samba.
Some older OS X features could still use improvement, though, including
MacOS’s built-in print, mail, and IPFW firewall capabilities, according
to administrators and consultants familiar with Jaguar. Apple, however,
is about to give IPFW an easier-to-use interface, according to Thomas
Weyer, a senior engineer at Apple focusing on Xserve, Mac OS X Server,
and networking.
“Some features in Jaguar are more robust than others,” observes Schoun
P. Regan, CEO of The Mac Trainers. “What can we say about the print
service, except that it needs work?” he asks.
“If you’re supporting 50 users, you’re probably okay (with the built-in
mail server) – but if you’re supporting 500 users, I’d try something
else,” Regan says.
Also for UNIX administrators, Jaguar marks the debut of Apple’s Terminal
Manager CLI. “Still, OS X isn’t your grandfather’s UNIX,” points out
Leonard Rosenthol, chief technology officer with PDF Sages, Inc.
Below is a more detailed rundown of the standout features in the
next release of MacOS, divided into three categories of interest: Mac
administrators, Windows integration, and UNIX managers. Some of these
features are brand new in Jaguar, a product release announced at the
recent MacWorld show. Other features mentioned here are holdovers from
previous OS X releases, usually with new enhancements. We’ll wrap up
with a discussion of a couple of features that AREN’T in Jaguar.
What’s In Jaguar For Mac Administrators?
Firewall – OS X’s built-in IPFW firewall is “full-featured,” maintains
Dr. Steven M. Erde, director, Office of Academic Computing, at Cornell
University. Erde also notes, though, that up to now, many Mac managers
have used a software product from BrickHouse in order to gain a GUI for
IPFW configuration. Some have turned to software or hardware firewalls
from other third-party vendors to get additional capabilities.
In Jaguar, however, IPFW will get a rules-based interface, according to
Apple’s Weyer. “The firewall will come with many preconfigured rules,”
Weyer says. Administrators will also be able to set rules that can lock
out users by protocol, as well as “port-by-port, by range of ports, or
by series of ports.”
Mail Server – OS X’s mail services include POP and IMAP, with SMTP agent
sendmail at its core. Other capabilities include junk mail filtering;
automatic mail deletion; mail notification; DNS mail caching; and mail
exchange lookup.
“All mail is stored in a central database,” Regan says. On the other
hand, “the mail server logs do not show actual mail errors that may
result from misconfiguration.” Other administrators have complained
about the mail server’s virtual memory limitations.
Rendezvous – Apple is giving the “Rendezvous” brand name to its own
implementation of Zero Configuration, a new IP-based technology for
automatically locating and connecting to available peripherals and
computers on the local network.
Apple and other members of an IETF working group are proposing Zeroconf
as a new industry standard. “Zeroconf means making it possible to take
two laptop computers, and connect them with a crossover Ethernet cable,
and have them communicate usefully using IP, without needing (an
administrator) to set it all up for you. We’re not limiting the network
to just two hosts, but we want to take that as the starting point,”
according to a document posted on the IETF Web site.
LDAP Directory – Jaguar includes LDAP 3.0, as opposed to the LDAP 2.0
supported in OS 10.1 (previously codenamed Python), Goguen says. OS
10.1, moreover, used LDAP solely in its mail server and address books.
Jaguar’s new LDAP directory will come with a built-in SASL password
server for authenticating Mac, Windows and FTP clients. Jaguar
administrators will also be able to use Apple’s NetInfo directory
services. NetInfo, however, might not be around much longer. “Next year,
it’ll be LDAP, LDAP, and more LDAP,” according to Regan.
Workgroup Manager – Apple’s new LDAP-based replacement for Macintosh
Manager enables management of users, groups, and computers.
Administrators can set preferences for system configurations;
applications; login; docking; printers; and more.
“For easier management, I might decide not to let end users mess with
the network settings, for instance. As a network manager, you don’t want
to have users inadvertently change what you’ve done,” Goguen elaborates.
Still, Workgroup Manager reflects a bit of the rigidity of Jaguar’s
underlying UNIX OS, Regan suggests. “This isn’t Windows 2000. You can’t
configure groups within groups,” he illustrates.
Remote installation and management – Jaguar will come with NetInstall,
for automatic software distribution to network clients, and NetBoot.
NetBoot is a new utility for storing workgroup desktop configurations in
a single disk image on either a Mac OS X or NFS server.
“NetBoot is a great thing for network managers, because administrators
want the least possible maintenance. When users log on to the server,
the system is configured just the way the administrator has set it up,”
Goguen maintains.
Server Setup and Server Monitor – Other new point-and-click tools in
Jaguar include Server Setup and Server Monitor. Server Monitor will only
be available on a bundled basis with Apple’s Xserve hardware, according
to Goguen.
Multiplatform Web authoring – For administrators, MacOS will now support
the Ruby object-oriented programming language, as well as Java 2 and the
Web-based service protocols SOAP and XML-RPC. Support will also
continue for Perl; UNIX scripts; AppleScript CGIs; PHP; and MySQL.
In Jaguar, end users will gain the ability to author server-based Web
pages through WebDAV.
What’s In Jaguar For Windows Integration?
Active Directory Integration – Goguen points to certain levels of
integration between Apple’s LDAP Directory and Microsoft’s Active
Directory.
“We can’t manage a new user in Active Directory, but we can manage an
existing user. It takes a couple of extra steps to get there, but
administrators using Active Directory on Windows can manage Macintosh
work groups from within Windows. We’d like to integrate with Active
Directory even more,” he says.
Kerberos – Apple’s newly added implementation of Kerberos encryption is a
port from Windows, according to Weyer.
PPTP – On the other hand, Apple’s new PPTP implementation, also debuting
in Jaguar, is not a port. “Apple created its own PPTP
implementation,” Goguen says. Microsoft’s particular implementation of
PPTP, though, has drawn criticism for security holes which allegedly let
attackers sniff passwords, break encryption schemes, and launch denial
of service attacks. As an alternative VPN security mechanism, Apple’s
Jaguar also includes IPsec, a protocol much more prevalent
industry-wide.
WINS – OS X has included WINS since 10.1, according to Goguen. “WINS,
though, is a disaster waiting to happen. I can see why Microsoft has
been withdrawing its support from WINS,” Regan says. In Internet
newsgroups, users have lamented WINS woes ranging from “database entries
that make no sense” to Samba integration glitches.
Print sharing through SMB – Before the advent of Mac OS X, Mac users
needed to run a third-party application called DAVE to get their
machines to speak SMB.
Jaguar will contain fuller support for Microsoft’s SMB/CIFS protocols
implemented earlier in OS X. Beyond the server support introduced in
Python, Jaguar adds SMB client support, Goguen says.
Windows users will be able to print transparently through their native
protocols, without installing additional software. Mac users will be
able to use either OS X’s Print Center or OS 9’s Desktop Printer
Utility.
For their part, administrators can set up multiple print queues to
PostScript printers over either TCP/IP, AppleTalk or USB; assign unique
job settings, priority, and sharing options to each print queue; and
stipulate disk storage quotas per user.
File sharing – Apple has now integrated Samba with Jaguar’s LDAP
Directory for password-based user authentication. As a result, a
separate database won’t be needed for Windows systems. Through the LDAP
Directory’s built-in password server, users will be able to access their
network files from both Windows and Macs without changing their user
names or passwords.
On Windows clients, users will be able to view OS X servers and browse
for files. The shared file streams hosted on OS X will appear in Windows’
Network Neighborhood, Goguen says.
What’s In Jaguar For UNIX Managers?
Easier portability of UNIX apps – Apple is adding several new features
in the interests of easier portability for UNIX apps. The POSIX API has
been enhanced with thread signaling and I/O (pthread_kill,
pthread_cancel, pread, and pwrite). Solaris and Linux administrators
will now be able to get SysV IPC and semaphores, such as “ftok,” from a
single compatibility library.
Still, though, porting a UNIX app to MacOS often involves more than a
simple recompile, according to Rosenthol. “It’s not one of the other
flavors of Linux, so you can’t just go pull down Linux or Solaris
binaries. RPMs and debs are out. So what do you get? Tarballs,” he says,
referring to the UNIX-standard compressed archives.
Apple uses its own native package format for Mac OS X. GNU-Darwin and
Fink packaging can also work, according to Rosenthol. Before installing
the package, you need to build the software using the traditional UNIX
‘make’ application. First, though, you need to be sure the app is
configured for the new operating environment. Some programs don’t have
the necessary checks to configure themselves for Mac OS X. In those
situations, Rosenthol recommends copying helper files such as
config.guess.
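The helper-file step described above, as an added example that is not from the article, Rosenthol, or Apple. The function name `refresh_config_helpers` and the directory of newer helper files passed to it are assumptions; the originals are kept as `.orig` so the swap can be reviewed before running `./configure` and `make`.

```shell
#!/bin/sh
# Added example: refresh stale autoconf helper scripts before ./configure.
#
# refresh_config_helpers SRC_DIR HELPER_DIR
#   SRC_DIR    - unpacked source tree (from the tarball)
#   HELPER_DIR - directory holding newer config.guess/config.sub; the caller
#                supplies it (hypothetical location, take it from a source
#                you trust, since these scripts run during the build)
# Returns 0 if the tree's config.guess already identifies this host, or was
# replaced by one that does; returns 1 otherwise.
refresh_config_helpers() {
    src=$1
    helpers=$2

    # A config.guess that knows the platform prints a triplet and exits 0.
    if [ -f "$src/config.guess" ] && sh "$src/config.guess" >/dev/null 2>&1; then
        return 0
    fi

    # The newer copy must itself recognise the host, or swapping gains nothing.
    if ! sh "$helpers/config.guess" >/dev/null 2>&1; then
        echo "no usable config.guess in $helpers" >&2
        return 1
    fi

    for f in config.guess config.sub; do
        [ -f "$helpers/$f" ] || continue
        # Keep the shipped file so the change can be reviewed or reverted.
        [ -f "$src/$f" ] && cp -p "$src/$f" "$src/$f.orig"
        cp "$helpers/$f" "$src/$f"
    done
    return 0
}

# Stand-alone use: sh refresh.sh SRC_DIR HELPER_DIR
if [ "$#" -eq 2 ]; then
    refresh_config_helpers "$1" "$2"
fi
```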
Terminal Manager – Jaguar’s new Terminal Manager will get UNIX
administrators to the command line. “We’re including a CLI because
that’s what UNIX users want,” Goguen says.
“MacOS X is based on UNIX and features a (nearly) complete POSIX
subsystem. Since I rely heavily on UNIX commands and Emacs, and since I
would have to do all these things manually in XP, MacOS X beats XP for
me,” concurs one administrator, in a newsgroup posting.
“UNIX administrators usually have a favorite command shell,” Goguen
adds. “Terminal Manager supports a number of them through the Darwin
Project. We also ship the necessary ‘make’ and compile tools.”
Printer sharing through CUPS – CUPS was developed by Easy Software
Products as a portable printing layer for UNIX OS. The system uses
Internet Printing Protocol as the basis for managing print jobs and
queues. PostScript Printer Description (PPD)-based printing options are
available, as well. CUPS also supports several other protocols at
“reduced functionality,” including SMB, line printer daemon (LPD)
server, and AppSocket, according to EasySoft officials.
File sharing through NFS – In Jaguar, Apple will augment NFS file
sharing with a default setting in the FTP server that prohibits
anonymous users from either changing file permissions or deleting,
renaming, overwriting or uploading files.
What ISN’T In Jaguar?
A Microsoft Exchange client – At this point, neither Apple nor Microsoft
is providing a Microsoft Exchange client for MacOS.
“MacOS users can now use IMAP to read e-mail from Exchange. This is not
a 100 percent solution, though,” Goguen acknowledges.
Also at MacWorld, Microsoft introduced Remote Desktop Connection, free
software designed to let Mac users access data stored on Exchange and
other Windows servers.
“No Exchange client is planned by Apple. Microsoft has been looking at
that, but I don’t know what their plans are,” Weyer says. “Microsoft’s
Exchange implementation is ‘proprietary.’ If you want it, you’ll have to
get it from Microsoft.”
An X Window interface – “Yes, It’s true. Mac OS X doesn’t include an
implementation of X Window!” Rosenthol observes.
Apple, in fact, has no plans to put X Window in MacOS, according to
Goguen. “This is primarily because we have such a great graphics engine.
That’s where we really shine.”
It’s now possible, though, to run X Window on MacOS with the use of
either XDarwin, a Cocoa application, or XFree 4.1, according to
Rosenthol. Third-party commercial software is also available for this
purpose, Goguen says.
Many graphical UNIX applications, though, can be run without X Window
in command line mode, according to Goguen. “The graphical part is
separate from the actual application.” Apple, he notes, produces a Cocoa
product called Interface Builder that lets users create their own
Macintosh graphics for applications.