LSAIT — College of LS&A Information Technology | University of Michigan

accessible view | jump to content | search | jump to site-wide navigation

LSA OSX Status

STATUS PAGE HAS MOVED!!!

We're going to try out Footprints for a while - as such, please look at the OSX project in FootPrints for updated to-do and status information. Feel free to add more items or claim any of the projects listed if desired.

Everything on this page is being kept for archival purposes

Open Issues / To - do / Questions / Wishlist

Really Important:

• pam_krb5: If you SSH using your kerberos password, you cannot kinit
• SNI: password is not getting URL-escaped in mount_afp command... If user has a % in their password, it won't let them connect (maybe use "stringByAddingPercentEscapesUsingEncoding" cocoa function)

Not as important:

• Create a "Create UMich User" script to create new users with correct UID after an install?
• Create a "Fix UMich User" script to change someone's account from their auto-generated UID to their UMich UID?
• logGen: report any special perms (non-world readable, SUID, SGID, etc)
• logGen: change "must run as root" print statement to go to STDERR
• KerbAFSUMichDefaults - user is still prompted for LSA password the first time they run Kerberos.app and try to login
• Package new version of TB2 & NetO
• Package DirectorMX2004 (waiting for keyed .app)
• Sync files/homedir with AFS (lrsmith)
  • 4 packages identified and passed to OS X working group. ( ON HOLD )
  • Need to receive feedback from OS X working group.
• Panther 'kadmin' does not work in our kerberos environment.
• Create an AFS pref pane
• SimpleNetInstall Kerberos Support (DONE, but turned off)
• Enable password caching for laptops (mobile account) (AuthenticationAuthority=LocalCachedUser ???)
• Server monitoring / notifications
• Create a script to set AFS startup options (blewis)
• SimpleNetInstall: use HTTP/1.1 instead of HTTP/1.0 - 1.0 causes problems on webservers with redirect rules
• Create a bootable CD that boots up to SNI, for subnets that don't have a helper address configured
• Create a bootable DVD install for machines that have no network connection
• Automate backups of lsa-swl2

Things to Investigate

• logGen: create a GUI?
• Create a package to turn on local mail delivery (for cron errors, etc)? Auto-create aliases to basically redirect everything to root (or anyone?) to the primary account created on the system/account created by SNI? send everything to a department DSA account?
• Panther + OpenAFS = Kernel Panic?
• Modify SSH config: only permit access from umich nets? only support protocol 2?
• "Disable auto login for all accounts"?
• Enable fast user switching by default? ...looks like this would be a bad idea for most machines...
• The packaging/training netboot image we're using in the mathlab is pretty cool - should we secure it and clean it up such that it could be made available on all of the netboot servers? We don't want just anyone to be able to use it to netboot any random machine and suddenly have access to its drives.

Issues that may never get fixed because of a work-around or the need has disappeared:

• Panther includes a "generateduid" field in each account. Not sure yet what it's used for, but we can use "uuidgen" to create them. this will get created automatically if the user changes their password
• Panther user accounts now use ";Shadow;" authentication authority instead of ";Basic;" (shadow passwords instead of visibile crypted passwords) - basic auth (non-shadow) still works, so no NEED to change our account creation tool, but it'd be nice to. Acct switches to ;Shadow; automatically during first password reset
• SPSS won't run on a G3 (how big of a problem is this for everyone?)
• Permissions mapping issue when client/server have same UID (Problem ID 3476923) - Fixed in Panther Server.
• Panther saves its screensaver hotcorners prefs in a different location now that's not easy to control - anyone care if we just don't set it anymore?
• Panther clients cannot use Kerberized-AFP to a Jaguar server. (Patrick McNeal filed bug #3457483, our solution is to just upgrade servers to Panther)

---

Recently Completed Items

• Created AutoHomeDirs-UnManaged.pkg (May 6, 2004)
• Added iTunes 4.5 to test load (May 6, 2004)
• Added Quicktime 6.5.1 to test load (May 6, 2004)
• Added SecurityUpdate2004-05-03 to test load (May 6, 2004)
• Created Department-SNI-loads presentation (May 5, 2004)
• Jaguar removed from SNI menus (May 4, 2004)
• ------- Changes released into production -------- (May 4, 2004)
• Starting testing some Kx.509 stuff (April 27, 2004)
• TeX.mpkg finished (April 26, 2004)
• Upgraded rsync to 2.1 on all servers (April 22, 2004)
• Added /usr/local/bin/ to LSA-Path and moved LSA-Path from UnixTools to LSA-Alterations (April 22, 2004)
• Updated internet.pkg to run the email config for every user (April 20, 2004)
• Created mail-config-kerb-noSSL.pkg (April 16, 2004)
• Changed default mail.app prefs to not show the "would you like to see what's new?" message (April 16, 2004)
• New version of MATLAB pkg (April 16, 2004)
• Added SubEthaEdit pkg to install (April 15, 2004)
• Created Hooks Migration package (April 13, 2004)
• Removed DAVEclient from load (April 13, 2004)
• Removed ManyHooks from load, replaced with MacOSXHooks (April 13, 2004)
• Updated Mathematica to new license code (April 13, 2004)
• Moved loginhook in TB2 pkg (April 12, 2004)
• Moved loginhook in NetO pkg (April 12, 2004)
• Removed superfluous Applications directory from MacromediaFlash pkg Resources (April 9, 2004)
• Security Update 2004-04-05 added (April 6, 2004)
• MacSig presentation (Apr 2-8)
• Packaging Training, updated packaging tutorial (Apr 6-8)
• Dave & Jeff worked on "Classroom/Packaging netboot image" (Apr 1-2, 2004)
• Deployed catbert (G5 Xserve) as another testing machine (Mar 30, 2004)
• Created SMB-conf.pkg, added to LSA Alterations (Mar 26, 2004)
• Created SSH-conf.pkg, added to LSA Alterations (Mar 26, 2004)
• Updated internet.pkg for new hooks location (Mar 26, 2004)
• Created LabHomeDirs.pkg (Mar 24, 2004)
• OpenAFS pkg adds new multi-cell-per-realm aklog plugin, changes so AFS homedir links are only created once, allowing people to [re]move them (Mar 24, 2004)
• Kerberos pkg updated to latest Kerberos Extras (Mar 24, 2004)
• Kerberos pkg updated to remove k4 support from edu.mit.Kerberos file (Mar 24, 2004)
• Added iChatAV21 update to Panther-Apps (Mar 24, 2004)
• Added "Automated Install" option for Panther-tiny (Mar 23, 2004)
• LSA-Path.pkg fixes X11 path missing (Mar 23, 2004)
• LSA-Path.pkg fixes problem where environment.plist wasn't installed for the first user (Mar 23, 2004)
• MacOSXHooks.pkg added to Testing load (Mar 22, 2004)
• Kerberized-Console updated to support new :rights:com.apple.desktopservices:mechanisms: (Mar 19, 2004)
• Started testing v4 NetBootImage (Mar 19, 2004)
• Modify aklog KfM plugin to handle multiple AFS cells ( Mar 19th, 2004 )
• Testing/Devel updated to OSX 10.3.3 (Mar 16, 2004)
• rotten updated to OSX Server 10.3.3 (Mar 16, 2004)
• KerberizedConsole, Kerberos-PAM added to Testing/Devel (Mar 12, 2004)
• Servers no longer accept GssapiAuthentication via SSH (Mar 11, 2004)
• Completed KerberizedConsole.pkg (Mar 11, 2004)
• Updated iSync pkg to 1.4 (Mar 10, 2004)
• Completed Panther (G4 & G5) comptible classic.pkg (Mar ?, 2004)
• Released logGen & software page to public (Mar 2, 2004)
• ------- Changes released into production -------- (Mar 1, 2004)
• Made the cool spinning-cube graphic for the website (Feb 27, 2004)
• Created SuperLogs.pkg (Feb 27, 2004)
• Updated logGen - now uses standard MD5 module, added status messages, copyrights, documentation, and lots of other stuff to prepare for public release (Feb 25, 2004)
• Added SecurityUpdate2004-02-23 to loadset (Feb 23, 2004)
• Added StuffIt 8.0.2 to Panther loadset (Feb 23, 2004)
• Added DAVE-Client 5.0 to loadset (Feb ?, 2004)
• Added shadowhash password support to acct-rep-in/out (Feb 13, 2004)
• Upgraded serval to Panther (Feb 11, 2004)
• Upgraded lsa-swl2 to Panther (Feb 11, 2004)
• Added EndNote7 to Apps load (Feb 9, 2004)
• Added StataSE82 to Apps load (Feb 9, 2004)
• Updated DarwinPorts & PortsManager pkgs, added "update-dports" tool (Feb 9, 2004)
• KeyAccess/KeyMobile repackaged to use a postflight to modify /Library/Preferences/loginwindow.plist instead of overwriting it (Feb 5, 2004)
• Upgraded caracal to Panther (Feb 4, 2004)
• Maple9 pkg fixed to not crash Finder in Panther (Feb 4, 2004)
• Upgraded rotten to Panther (Feb 3, 2004)
• Added Safari1.2 update to Panther image on Testing/Devel (Feb 2, 2004)
• Added Java1.4.2 update to Panther image on Testing/Devel (Feb 2, 2004)
• Added SecurityUpdate2004-01-26 to image on Testing/Devel (Feb 2, 2004)
• Added certain LSA-Min components to the Panther Apps load (Feb 2, 2004)
• ------- Deployed Panther NetBootImage & load updates ------- (Jan 29, 2004)
• Script to check and repair permissions daily created and packaged, repairPermissions.pkg. ( Jan 21, 2004 )
• Repackaged Office X to fix permission problems. ( Jan 21, 2004 )
• Updated the netboot image to be compatible with more install scripts (Jan 21, 2004)
• Updated iCal to 1.5.2 (Jan 20, 2004)
• Updated iTunes to 4.2 (Jan 20, 2004)
• Added Jaguar Security Update 12-19-03 (Jan 20, 2004)
• Changed NTP server to ntp.itd.umich.edu (Jan 20, 2004)
• Cleaned up the *-Common load dirs a bit (Jan 20, 2004)
• Panther load ready for testing (Jan 16, 2004)
• Rebuilt Panther OpenAFS pkg to remove AFSDB support since it adds a delay to shutdown at the moment. (Jan 15, 2004)
• New package for enabling Kerberos authentication for system.login, preferences and screen save. Kerberos_Authorization ( Jan 15th, 2004 )
• New Microsoft Office X Package. ( Jan 14th 2004 )
• Updated logGen (ignores /afs, checks if you're root, checks if MD5 file open succeeds) (Jan 13-14, 2004)
• Packaged Adobe Illustrator CS (Jan 13, 2004)
• Packaged Adobe CS apps (Photoshop, GoLive, InDesign) (Jan 12, 2004)
• Fixed keyed Macromedia apps problem - /Library/Application Support/Macrovision/AuthenticationService needed to be SUID root (Jan 9, 2004)
• Repackaged freshly keyed Macromedia apps (Jan 9, 2004)
• Built kodkod as first Panther server (Jan 8, 2004)
• Removed Adobe LiveMotion from loadset as it is no longer being updated by the vendor (Jan 5, 2004)
• Updated Panther load to 10.3.2 (Dec 19, 2003)
• Netboot image (NBI) updated to Panther, added lots of missing components needed by various installer scripts... appears to work - ready for wider testing (Dec 16, 2003)
• Added Kerberos support to SimpleNetInstall (Dec 12, 2003)
• Removed dependency on /usr/bin/host in SimpleNetInstall - hostname lookup done internally now (Dec 10, 2003)
• Netboot image (NBI) updated to Panther, testing now (Dec 10, 2003)
• Updated logGen to work on Panther (Nov 26, 2003)
• Created a package to set the default Kerberos Realm and AFS Cell to UMICH.EDU instead of LSA.UMICH.EDU (Nov 21, 2003)
• Panther image ready for full testing. It is not yet for production use as there are known issues. (Nov 13, 2003)
• Reported Fasted-User-Switching denial-of-service bug/vulnerability to Apple (Problem ID 3478608) (Nov 10, 2003)
• Completed the Panther OpenAFS package (Nov 10, 2003)
  • Created 1.2.10a pkg for Panther compatibility
  • No longer overwrites kerberos config - uses a postflight to add 'aklog' plugin line to existing config
  • aklog updated to use K5
  • aklog kerberos plugin updated to use K5
  • enabled AFSDB / dynamic root support for unknown AFS realms
  • Renamed kpasswd to kpasswd-afs so it doesn't overwrite the Kerberos kpasswd
• Updates to the Kerberos package (Nov 7, 2003)
  • LSA is the default realm now
  • Updated realm server info
  • Removed 'aklog' plugin line
  • Sets 'noaddresses' flag appropriately based on if it's a desktop or a laptop since desktops are not likely to ever be behind a NAT
  • Defaults to get non-forwardable/prixiable/renewable tickets
• Panther - applications load progress (Nov 7, 2003)
  • Enabled most of the applications in the Panther loader - no apparent problems
  • NetO/TB2 not enabled yet
• Panther OS (not Applications) load done (Nov 6, 2003)
  • Mac OSX 10.3
  • The 2 security updates that have already come out
  • All of the LSA Alterations
• Created a pkg to set default realm/cell to UMICH instead of LSA (Nov 5, 2003)
• Created a pkg to skip the "Setup Assistant" step during a Panther install. This wasn't necessary for Jaguar.
• ------- Major release of our Jaguar load -------(Oct 30, 2003)
  • New version of Fugu (1.1)
  • Addition of NetO Agent [required]
  • Addition of NetO Locker [optional] (removes netO prefpane)
  • Addition of TB2 [required]
  • Removed the "Not for production use" banner since we can now remotely administer a machine
  • Cleaned up some install dirs on server
  • Updated iTunes to 4.1
  • Updated iSync to 1.3
  • Added Mathematica 5.0
  • Added KeyAccess Mobile [optional]
  • Made KeyClient required instead of optional.
• We now have console server access to all of the production XServes (Oct 30, 2003)

back to top

• Who We Are, What We Do
  • About LSAIT
  • LSAIT Staff Directory
  • Contact Us
• Getting Started
  • Getting Started Overview
  • Windows User FAQ
• Help with Equipment and Software
  • Help with Equipment
  • Help with Software
  • New Faculty Computers
  • Faculty Computing Upgrade
• Summary of Accounts and Passwords
  • Accounts used in LSA
• E-mail
  • E-mail Overview
• Advanced Computing
  • Collaborations
  • Resources
• Department Admin Toolbox
  • Security
  • Windows Environment
  • Mac OS X Environment
  • Unix Environment
  • Video Conferencing
  • IT Professional Development

LSA | University of Michigan

© 2008 Regents of the University of Michigan | Web design by Marketing Communications

This website is optimized for standards-compliant browsers, following guidelines for XHTML, CSS and accessibility | XML | Contact webmaster

---

back to top