<artwork />   <projects />   <rhetoric />   <snippets />


My Mac OS X 10.7 Kerberos Workarounds
Thursday, March 22nd, 2012

Update: Some of this has been superseded by my new post on the subject, Mac OS X 10.7: Kerberos is Back. authAuthority does not appear to actually be required, but there is a line that must be added to /etc/pam.d/authorization. Currently, I have Kerberos on Lion using SSH. To do this, I had to install […]


Managing Lion’s OpenDirectoryd in Puppet
Wednesday, March 21st, 2012

Lion introduced OpenDirectory as a replacement for DirectoryService. The configuration looks practically identical in the GUI, but the output plist files are different enough that you have to recreate them. I use a custom LDAP mapping, so to help me remember my settings, I had my old DSLDAPv3PlugInConfig.plist open in a text editor while I […]


Why Setting /usr/bin/ldd to mode 0000 can Have Unintended Consequences
Tuesday, March 20th, 2012

At work, I applied the RHEL 5 Draft STIG to some of our systems in an effort to increase our security. (STIGs are security checklists, and they’re available for a multitude of operating systems and devices. Unfortunately, they are frequently out of date, hence why I’m applying a RHEL 5 STIG to a RHEL 6 […]


Puppet 2.6 Workaround for launchctl overrides.plist
Monday, March 19th, 2012

We’re stuck with an old version of puppet on our Macs because our puppet server is running RHEL 6 (surprise) which is stuck at 2.6.14. My previous attempts to bridge major version differences have failed miserably. Now I just keep them in sync and sigh at all the awesome features I don’t get to play […]


A Good Day for OS X Lion
Friday, March 16th, 2012

Work’s been super busy, so I had to put it off longer than I liked, but I finally got to test setting up a Lion OpenLDAP client. Success! OS X 10.7.3 finally fixes our problems. 10.7 and 10.7.1 were of course vulnerable to the widely publicized issue where it would accept any password after binding […]


Daylight Savings Time Can Break rdiff-backup
Monday, March 12th, 2012

I wasted too much time this afternoon trying to figure out why rdiff-backup failed on ONE backup job in the wee hours of Sunday morning. All the others had completed successfully as expected. I finally Googled it. Guess what? It’s a known problem with daylight savings time. The full explanation is here: http://wiki.rdiff-backup.org/wiki/index.php/NoMetaData. Here’s the […]


Setting a Grub MD5 Password with Augeas and Puppet
Thursday, March 1st, 2012

This took a little doing, and most of what I found on the Internet was very slightly off. Here’s what I came up with (and what works on RHEL 6): augeas { “Add MD5 password to Grub”: context => “/files/boot/grub/menu.lst”, changes => [ "ins password after timeout", "clear password/md5", "set password \$1\$KeSTX0\$giM/W8SGhE4tbBTSiaguu.", ], onlyif => […]


about | blog | email | links | sitemap

Entries (RSS) and Comments (RSS).