<artwork />   <projects />   <rhetoric />   <snippets />

Some System Preference Panes Crash When GeneratedUID is Missing in Mountain Lion (and newer)
Thursday, September 19th, 2013

I had assumed incorrectly that Managed Control Settings (MCX) on Mac OS X was to blame. I apologize somewhat grudgingly for badmouthing MCX for the past few months. I’m not that sorry, though, since MCX is still fairly painful to use. The Problem: Some System Preference panes would crash when an LDAP/Kerberos user attempted to […]

How to Change a Singer 338 Sewing Machine Belt
Friday, October 12th, 2012

This is a small departure from my more recent computer centric posts, but I thought it was worth posting, since most of the directions online are text only. I’ve changed belts on Singers with external motors before, but this was my first time changing an internal belt. This post should probably help anyone with a […]

More Mac OS X 10.8 Kerberos Updates
Friday, September 14th, 2012

I updated my previous post, Mac OS X 10.7 (and 10.8!), to correct some tricky errors. I had been forced to stop at good enough, but now that I’m migrating our Macs to Mountain Lion, I was able to knock out some more Kerberos bugs. Please pay careful attention to the changes to /etc/pam.d/authorization, /etc/pam.d/sudo, […]

My Super Terrible dmidecode Facter Puppet Plugin
Tuesday, July 17th, 2012

It’s terrible, but it works. I needed a way to add special kernel options to certain pieces of hardware on my network. Facter (no doubt in an effort to be backwards compatible and friendly) is lacking some really spiffy dmidecode values. If you’ve never used this tool, go ahead and run it like so: sudo […]

Mac OS X 10.7 (and 10.8!): Kerberos is Back
Tuesday, June 26th, 2012

Hey, guess what? This works with Mountain Lion (10.8) too. I love you, Mountain Lion. UPDATE (9/14/2012): I put a lot of redundant lines and options in Mac OS X’s pam.d files that I didn’t need to. I finally was able to find the time to go back and test things more thoroughly during our […]

Apache, phpLDAPadmin and Kerberos
Friday, May 25th, 2012

It occurs to me that I haven’t touched on Apache’s Kerberos support, which is provided by the mod_auth_kerb module. This is the module that lets you restrict access to web pages using Kerberos or store Kerberos tickets for web applications to use. Much like in my previous post, Kerberizing Services in RHEL6, we’ll create a […]

SSSD’s Kerberos Cache Problems
Friday, May 4th, 2012

In RHEL 6.2, at least, SSSD doesn’t always clear its cache for the Kerberos provider. I found this out when I decided to change the group name on our LDAP server. Computers that used straight up LDAP dutifully reflected the change nearly immediately (we use nslcd, so restarting the nslcd service provided a nearly instantaneous […]

My Mac OS X 10.7 Kerberos Workarounds
Thursday, March 22nd, 2012

Update: Some of this has been superseded by my new post on the subject, Mac OS X 10.7: Kerberos is Back. authAuthority does not appear to actually be required, but there is a line that must be added to /etc/pam.d/authorization. Currently, I have Kerberos on Lion using SSH. To do this, I had to install […]

Managing Lion’s OpenDirectoryd in Puppet
Wednesday, March 21st, 2012

Lion introduced OpenDirectory as a replacement for DirectoryService. The configuration looks practically identical in the GUI, but the output plist files are different enough that you have to recreate them. I use a custom LDAP mapping, so to help me remember my settings, I had my old DSLDAPv3PlugInConfig.plist open in a text editor while I […]

Why Setting /usr/bin/ldd to mode 0000 can Have Unintended Consequences
Tuesday, March 20th, 2012

At work, I applied the RHEL 5 Draft STIG to some of our systems in an effort to increase our security. (STIGs are security checklists, and they’re available for a multitude of operating systems and devices. Unfortunately, they are frequently out of date, hence why I’m applying a RHEL 5 STIG to a RHEL 6 […]

about | blog | email | links | sitemap

Entries (RSS) and Comments (RSS).