As we mentioned earlier, we aim to simplify the complex and delay implementing what we haven't yet simplified. The challenge of a single network login is in that later category.
Currently every user has two accounts, a NT Domain login and a UNIX (NIS) login. While other NT and UNIX integration papers have focused on integrating logins we saw it as a holy grail that would waste our time if we pursued it.
We chose to use human discipline instead. That is, our SAs know to always use the same user name for a customer when creating their NT and UNIX logins. That is, my NT Domain user name is ``tal'' and my UNIX NIS login is also ``tal''. If I wish to change my password, I must do it twice, once for each system. (Or, I may choose to maintain separate passwords).
The ability of a NetApp to be programmed so that that ``tal'' in UNIX is ``tal'' in NT means the problem of dual platform file access is solved automatically. (NetApp permits us to specify exceptions to this rule if need be.) File permissions are handled like magic based on which protocol the request came from. That is, a request received by CIFS has NT file semantics and a request received by NFS has UNIX (POSIX) semantics [Hitz2].
In hindsight, if an integrated NT and UNIX environment simply means the same user name gets you to the same set of files then we achieved our goal without trying. Thus demonstrating the superiority of our ``delay the complex'' philosophy. We ``missed the bullet'' on that one.
If you feel that we are rationalizing the fact that we shirked our responsibility to achieve 100% perfect integration we have two responses:
First, we invite you to interview our customers who feel we have provided for the integration they needed. If their needs are met, the features we didn't complete aren't needed or we can surprise and delight them with such features when they do arrive.
Secondly, we could have spent the last two years developing a single login system and not had time to complete the other services we created. By the time we would have been done, LDAP (an open standard) has arrived. We would be left with a home-grown, incompatible single-login system that would break with every new release of NT and fewer of our other services would be complete. Instead we have a solid foundation to build on and are ready to embrace the coming third party products based on the newly developed standards. We are currently investigating the new single-login options available to us.