Update: Some of this has been superseded by my new post on the subject, Mac OS X 10.7: Kerberos is Back. authAuthority does not appear to actually be required, but there is a line that must be added to /etc/pam.d/authorization. Currently, I have Kerberos on Lion using SSH. To do this, I had to install [...]

Lion introduced OpenDirectory as a replacement for DirectoryService. The configuration looks practically identical in the GUI, but the output plist files are different enough that you have to recreate them. I use a custom LDAP mapping, so to help me remember my settings, I had my old DSLDAPv3PlugInConfig.plist open in a text editor while I [...]

At work, I applied the RHEL 5 Draft STIG to some of our systems in an effort to increase our security. (STIGs are security checklists, and they’re available for a multitude of operating systems and devices. Unfortunately, they are frequently out of date, hence why I’m applying a RHEL 5 STIG to a RHEL 6 [...]

We’re stuck with an old version of puppet on our Macs because our puppet server is running RHEL 6 (surprise) which is stuck at 2.6.14. My previous attempts to bridge major version differences have failed miserably. Now I just keep them in sync and sigh at all the awesome features I don’t get to play [...]

Work’s been super busy, so I had to put it off longer than I liked, but I finally got to test setting up a Lion OpenLDAP client. Success! OS X 10.7.3 finally fixes our problems. 10.7 and 10.7.1 were of course vulnerable to the widely publicized issue where it would accept any password after binding [...]

I wasted too much time this afternoon trying to figure out why rdiff-backup failed on ONE backup job in the wee hours of Sunday morning. All the others had completed successfully as expected. I finally Googled it. Guess what? It’s a known problem with daylight savings time. The full explanation is here: http://wiki.rdiff-backup.org/wiki/index.php/NoMetaData. Here’s the [...]

This took a little doing, and most of what I found on the Internet was very slightly off. Here’s what I came up with (and what works on RHEL 6): augeas { “Add MD5 password to Grub”: context => “/files/boot/grub/menu.lst”, changes => [ "ins password after timeout", "clear password/md5", "set password \$1\$KeSTX0\$giM/W8SGhE4tbBTSiaguu.", ], onlyif => [...]