I’ll often install a brand new Mac with OS X 10.6, run puppet, and find myself facing the same two intermittent problems. First, I’ll notice that the SSH host keys in /etc never get created (we turn on Remote Login through puppet, so it’s possible we’re accidentally skipping a step). Second, System Preferences will abruptly decide to no longer accept my administrator password, even though Terminal will happily let me use it to run commands with sudo.
The solution to the first problem is easy: I run /usr/libexec/sshd-keygen-wrapper with sudo. It’s a very simple shell script that checks for the presence of /etc/ssh_host_key, /etc/ssh_host_rsa_key and /etc/ssh_host_dsa_key. It’s unclear why this command doesn’t always get automatically run.
I’m still trying to perfect the solution to my second problem, but wiping out the problematic administrator user’s Library and logging back in fixes it. When it’s a brand new install, this is a fairly safe move, and since we tell our users to log in as regular users, NOT as admins, there’s no chance that this will wipe out any important user settings. It seems to be a user preference corruption error. In the most recent iteration, I ruled out ~/Library/Caches and ~/Library/Preferences before I got bored and wiped the entire directory out again. Each time, I manage to cross a few more folders off the list. As for the cause of the problem, it may be related to MCX settings. We push a small glob of MCX settings out through puppet, and the problem only seems to occur after they’re installed.