This is a small departure from my more recent computer centric posts, but I thought it was worth posting, since most of the directions online are text only. I’ve changed belts on Singers with external motors before, but this was my first time changing an internal belt. This post should probably help anyone with a [...]

I updated my previous post, Mac OS X 10.7 (and 10.8!), to correct some tricky errors. I had been forced to stop at good enough, but now that I’m migrating our Macs to Mountain Lion, I was able to knock out some more Kerberos bugs. Please pay careful attention to the changes to /etc/pam.d/authorization, /etc/pam.d/sudo, [...]

It’s terrible, but it works. I needed a way to add special kernel options to certain pieces of hardware on my network. Facter (no doubt in an effort to be backwards compatible and friendly) is lacking some really spiffy dmidecode values. If you’ve never used this tool, go ahead and run it like so: sudo [...]

Hey, guess what? This works with Mountain Lion (10.8) too. I love you, Mountain Lion. UPDATE (9/14/2012): I put a lot of redundant lines and options in Mac OS X’s pam.d files that I didn’t need to. I finally was able to find the time to go back and test things more thoroughly during our [...]

It occurs to me that I haven’t touched on Apache’s Kerberos support, which is provided by the mod_auth_kerb module. This is the module that lets you restrict access to web pages using Kerberos or store Kerberos tickets for web applications to use. Much like in my previous post, Kerberizing Services in RHEL6, we’ll create a [...]

In RHEL 6.2, at least, SSSD doesn’t always clear its cache for the Kerberos provider. I found this out when I decided to change the group name on our LDAP server. Computers that used straight up LDAP dutifully reflected the change nearly immediately (we use nslcd, so restarting the nslcd service provided a nearly instantaneous [...]

Update: Some of this has been superseded by my new post on the subject, Mac OS X 10.7: Kerberos is Back. authAuthority does not appear to actually be required, but there is a line that must be added to /etc/pam.d/authorization. Currently, I have Kerberos on Lion using SSH. To do this, I had to install [...]

Lion introduced OpenDirectory as a replacement for DirectoryService. The configuration looks practically identical in the GUI, but the output plist files are different enough that you have to recreate them. I use a custom LDAP mapping, so to help me remember my settings, I had my old DSLDAPv3PlugInConfig.plist open in a text editor while I [...]

At work, I applied the RHEL 5 Draft STIG to some of our systems in an effort to increase our security. (STIGs are security checklists, and they’re available for a multitude of operating systems and devices. Unfortunately, they are frequently out of date, hence why I’m applying a RHEL 5 STIG to a RHEL 6 [...]

We’re stuck with an old version of puppet on our Macs because our puppet server is running RHEL 6 (surprise) which is stuck at 2.6.14. My previous attempts to bridge major version differences have failed miserably. Now I just keep them in sync and sigh at all the awesome features I don’t get to play [...]