Tue 09 Sep 2003
Alice in Wonderland
Category : Technology/aliceinwonderland.txt
I've got a version of Postfix compiled to support SMTP-AUTH. I'm getting quite close to making it all work. But I couldn't quite make the saslpasswd2 command work with the rest of OS X's built-in SASL libraries and I don't want to have to override anything built-in. A search through Google shows that, as usual, there are others with the same problem and, also as usual, no sign of a solution. So I thought of avoiding sasldb and using pam, and that's where I had a sensation of falling through a trap-door.
It has led me to a discovery of Apple's efforts at integrating directory access - to support centralized network repositories for users, groups, passwords, security policy and other administrative data. What this means to an end-user is that you only need to make a single sign-on to your system, and from there you will be granted access to every service imagineable, either on your own machine or across the network, that you have the rights to.
Apple calls this Open Directory and, because it is designed to work with Microsoft's Active Directory, your single log-on gets you access to both Mac and Windows environments.
It makes it easy for the end user - you don't have to remember passwords for every service, e.g., for your mail, corporate and departmental web sites, databases, file servers, etc - and it also makes it easier for a systems administrator - he only needs to go to one place to update the access rights.
Michael Bartosh has a an excellent series of articles on MacDevCenter and this is just the start. Reading all these remind me of when I was wading through the Active Directory documentation. There's a lot of meat and you can start to believe that you may just have the tools to control the complexity of operations if the system needs to scale to match the size of a large enterprise.
I'm contrasting this feeling with the response I got from a message I sent out to a local Mac users' group about using the Terminal and the sudo command to delete stubborn files from the Trash. There's a general grumbling from OS 9 users about the loss of simplicity. I remember going through this phase too as I read MacFixit comments about the sudo command when I first tried out OS X Public Beta. I remember thinking that this contraption from NeXT may have a hard time trying to fly. I don't know when I became a full convert to OS X but it may be close to the time I got MySQL runnning, for which I remain eternally grateful to Marc Liyanage. (If there's anything I feel good about doing Sendmail Enabler, it's that he's actually got a link to the Sendmail Enabler page from his PHP page).
So the point I'm getting at is that Mac OS X is getting enormously powerful. And, increasingly relevant to an enterprise. There's going to be a point where the corporate IT guys are going to realise that, hey, there are a lot of fun stuff in there in OS X for them to play with, too. And they may just want to get in. There's when the tide will start to turn for Apple in the enterprise market.
But then again, I may be wrong. All I know is that, we're not in Kansas anymore.