Password Synchronization
A major problem in a mixed environment is the need for different passwords on different systems. In a pure NT environment, you can use the NT domain architecture's features to provide one user account and password, creating a single sign-on (SSO) that is valid throughout your company. In a UNIX environment, you can use NIS to synchronize passwords across multiple UNIX machines. However, in the past, synchronizing passwords between NT and UNIX has been difficult.
In SFU 1.0, Microsoft provides an intermediate step to synchronize NT and UNIX passwords rather than fully integrate NT into the UNIX NIS system. SFU 1.0's password-synchronization method works in only one direction—SFU automatically propagates changes you make on an NT machine to a UNIX machine. You can designate a group of UNIX machines (i.e., a pod) that will receive the synchronized password. Passwords must comply with the password rules you define for the NT machine, ensuring a consistent password policy.
SFU 2.0 includes several command-line tools (e.g., ypcat, yppush) that let you directly manage NIS. This functionality includes the ability for an NT server to be a master NIS server in your NIS domain. In addition, a Win2K machine can serve as both an NIS domain master and a Win2K domain master. This capability is partly a result of SFU's inclusion of an NIS source-file migration wizard, which lets you integrate NIS information into Win2K's Active Directory (AD). After you integrate NIS information into AD, you can manage all users through AD.
However, if your UNIX machines don't support NIS or don't have it configured, SFU 2.0 lets you use the SFU 1.0 method to synchronize passwords. You can synchronize passwords by sending them in clear text or encrypted. Sending clear-text passwords lets you synchronize with most UNIX versions because clear-text passwords require only that you properly configure the .rhosts file on the UNIX machine. Sending encrypted passwords requires you to install the single sign-on daemon (SSOD) on the UNIX machines. The SSOD isn't available for all UNIX versions, so sending encrypted passwords is a limiting factor. As of this writing, the SSOD is available in executable format for only HP-UX, Sun Solaris, and Digital UNIX. However, Microsoft plans to support other UNIX versions, including Linux.
Easier Administration
Although the current versions of various UNIX dialects provide a graphical interface for administrative functions, most UNIX administrators are more comfortable using a command line than using graphical tools. The command line is not only faster for many tasks but lets you perform actions that you can't perform using the graphical tools. Microsoft designed NT primarily for access through the GUI, and NT's inherent inability to remotely administer machines from the command line severely limits administrators.
Telnet server and client. Microsoft's inclusion of a Telnet server in SFU eliminates this limitation. All NT versions include a Telnet client that lets you connect to a remote machine and gives you a command-line window from which you can perform tasks as if you were local. The difference is that SFU's Telnet server lets you connect to an NT machine from any system that has a Telnet client.
SFU's Telnet server includes several configuration options that make it different from its UNIX counterpart. For example, you can use SFU's Telnet server tlntadmn.exe utility to configure the default shell, a specific logon script, the maximum number of connections, and other connection characteristics. SFU also includes graphical and command-line versions of the Telnet client.
MMC administration. Microsoft further simplifies SFU administration by integrating SFU into the Microsoft Management Instrumentation architecture. This integration lets you administer SFU's various components from the Microsoft Management Console (MMC) and the command line.
UNIX Scripting Tools
SFU includes several powerful tools and command-line utilities. Although you get only a handful of the well-known UNIX utilities, the tools that SFU includes make up the bulk of any good UNIX administrator's toolkit. Table 2 outlines the UNIX tools that SFU includes.
One of SFU's most significant tools is the Korn shell command-line interpreter. (UNIX shells are usually more powerful than NT's command prompt.) Microsoft included this tool because the company realizes the advantage of a UNIX shell and goes so far as to call it a command and programming language. I agree that the UNIX shell is more than just a command-line interpreter. The shell's programming constructs, which are available directly from the command line, make it extremely powerful. In addition to complex programming constructs, the Korn shell lets you recall and edit previous commands to a much greater extent than the NT command line does. No wonder the shell scripts handle most of the administrative functions involved with starting a UNIX system, such as setting up environment variables, ensuring directories exist, and starting and stopping system services in the right order. As with many aspects of the system, SFU provides users with the choice of what shell they use. Each shell has unique characteristics and features, but all have the same basic functionality.
SFU lets users run many UNIX scripts on NT systems. Microsoft has licensed more than 30 UNIX scripting commands from Mortice Kern Systems (MKS). These commands let users automate common processes and administrative tasks across NT and UNIX platforms.
Another significant aspect of SFU 2.0 is the inclusion of ActiveState Tool's ActivePerl scripting engine. ActivePerl includes PerlScript, which is an ActiveX scripting engine that lets you use Perl with any ActiveX scripting host, such as Microsoft Internet Information Server (IIS) and Windows Scripting Host (WSH). ActivePerl also contains the Perl Package Manager (PPM), which simplifies the management of Perl modules (i.e., extensions and additions to existing modules).
The Best of Both Worlds
If you're interested only in adding command-line and scripting tools to NT, SFU might be overkill—especially when you consider that SFU provides only about one-tenth the tools that the full MKS toolkit offers for about the same price. However, if you're looking for additional command-line capability combined with NT and UNIX integration, SFU is worth a look.
Register
