LSA Package Selector - Tiger. Information technology resources and support for LSA faculty, staff, and department system administrators.

accessible view | jump to content | search | jump to site-wide navigation

LSA Package Selector - Tiger

PLEASE read this entire document carefully - skimming may result in an insecure or non-functional machine.

This page will help guide you through SOME of the available packages that you can install manually. As a reminder, it is always best to install these through SimpleNetInstall to ensure everything is installed and in the proper order. All of the packages were built with the assumption that SimpleNetInstall would be used to install them, so some dependencies may not be known. If you discover one, please let us know.

All packages are available from afp://lsa-swl2.lsa.umich.edu/Packages Complete
You will need a UMICH.EDU Kerberos password and your account will need to be added to a group before you can access that server. Send a request to lsa-dev-osx if you do not have access to that server and need it.

All of the packages should be installed in the order they are listed on this page.

ALL Machines (REQUIRED packages)

The following packages should be installed on every machine:

MacOSXHooks.pkg* (automatically run scripts at login or logout)
Kerberos.pkg* (configure Kerberos for UMICH servers)
KeyAccess.pkg* OR KeyMobile.pkg* (allow you to run keyed apps)
repairPermissions.pkg* (automatically does a repair-permissions every night)

Any Machine (Optional packages)

The following are optional depending on your desired behavior:

Do you want people to be able to access their IFS/AFS space?
If so, install OpenAFS.pkg*, OpenAFS-changes.pkg*, and, if it's an Intel machine, OpenAFS-IntelStartup.pkg*.

Should people be able to login to their machines using Kerberos?
If so, install Kerberized-Console.pkg* . This will enable the use of a Kerberos password IN ADDITION TO their local password for most of the GUI password prompts such as loginwindow, preferences, installer, screen saver, etc. Passwords need not be synchronized for this to work, but to obtain Kerberos tickets, they will need to use their Kerberos password. THIS PACKAGE IS INSTALLED IN THE DEFAULT TIGER LOAD ALREADY NOTE: By itself, this does not allow any additional people to login to the machine - people must either have local accounts on the machine or you must bind to an LDAP directory (see below).

Who should be able to login to the machine?

Specific people - just create local accounts for everyone that should be allowed to use the machine.
Any UofM Person - install the LDAPumich.pkg along with either or both of the Kerberized-Console.pkg* package above. Home directories are not automatically created for LDAP users - you'll want to also install one of the Home Directory packages listed below. WARNING: Installing the LDAP package will also allow anyone to ssh into your machine. You may want to disable SSH, or modify the sshd_config to restrict which users can SSH into the machine.
Your department - you'll need your own LDAP server and local LDAP configuration for this. This is not college-supported, so you'll need to provide your own solution.

Is the user a UNIX user?
You will probably want to install X11User.pkg* , all of the packages inside the UnixPKGS folder* , and XcodeTools.mpkg* . Don't forget to select each pkg inside of these mpkg's. You should also enable Remote Login through the Sharing preference pane if they want to SSH to their machine (this is done automatically with an SNI install).

Lab Machines

In addition to the packages listed in the All Machines section above, you can install some of the following packages to make your machine behave like a lab machine:

Home Directories
If you're using network accounts through LDAP, you'll probably also need to install a home directory creation package:

For most uses, you'll want to use the UberHomeDirs.pkg -- see the Read Me For UberHomeDirs for instructions
Mounted from fileserver: Currently the only supported mechanisms of network home directories are AFP and NFS home directories. Neither of these are recommended here, but are mentioned because they are supported by Apple. A package will be completed shortly that will enable certain portions of one's home directory to be automatically symlinked into AFS and Windows file space.

Should there be a logout button?
If so, install LSALogoutApp.pkg. This will place an applescript on every user's desktop that does the same thing as the logout option from the pull-down Apple menu.

Need a shortcut to login.itd.umich.edu?
If so, install LSA ITD Login Term.pkg. This will palce a shortcut in /Applications/Utilities/ that ssh's to login.itd.umich.edu

Need your OpenFirmware locked?
If so, read this document: How do I use the OpenFirmware Lock packages?

Non-Image Machines

It is important to stress that there are a number of packages installed as part of the LSA loadset that are there to make their machines significantly more stable and more secure. This is all done automatically through SimpleNetInstall.

Currently there are few (if any) known reasons to do this all manually rather than use SimpleNetInstall. If you have some concerns, please let them be heard so we can improve the automated install process.

The LSA loadset is not present to be heavy handed, it's used to save everyone time (not just the users, but also the DSAs that have to fix the machines later), which trickles down to saving the university money.

Creating an Automated Lab Loadset

Tell Dave you want a lab load created... Be sure to include the following (Example data included in parens):

Name of your load as it should appear in SNI (example: Public Lab Load)
Where it should be in the ordered list of loads in SNI (example: after my Tiger load)
The directory unique for this load that will contain installation customizations (example: /Child/public-lab-changes/ )

Then, in your group install directory (/Child/), create the directory named the same as the 3rd item listed above (example "public-lab-changes"). Inside that directory, create two plain text files:

line-additions
choice-additions

If you just want to make the packages available, add some or all of the following lines to your line-additions file:

<line choice="ldapumich"/>
<line choice="uberhomedirs"/>
<line choice="itdlogin"/>
<line choice="logmeout"/>
<line choice="YourDept-uberhomedirs-config"/>

That will add all of those packages to be available to your loadset, but they will be unselected. If you'd also like to preselect some or all of them, add some or all of the following lines to your choice-additions file. You may wish to modify them, adding any valid distribution script code, such as descriptions and the like.

<choice id="ldapumich" start_selected="true"/>
<choice id="uberhomedirs" start_selected="true"/>
<choice id="itdlogin" start_selected="true"/>
<choice id="logmeout" start_selected="true"/>

<choice id="YourDept-uberhomedirs-config" title="UberHomeDirs Dept Config" start_selected="true">
    <pkg-ref id="edu.umich.lsa.dept.uberhomedirs-config"/>
</choice>
<pkg-ref id="edu.umich.lsa.dept.uberhomedirs-config" auth="root" installKBytes="40">
  file:/Child/Path-to-your-uberhomedirs-config.pkg
</pkg-ref>

If you have questions about any of this, don't hesitate to ask. If you'd like to know about all the possibilities for things you can put in these files, examine the master installation distribution script found here on any install server: /Volumes/DataDisk/Install/LSA/Packages-Tiger/COMMON-OS/OSInstall.mpkg/Contents/TEMPLATE.dist-universal (grep is your friend)

If you're adding your own custom packages to your choice additions, you can run /usr/local/bin/pkg-dist-info NameOfPackage.pkg and it will output some nice cut and pastable text that you can add to your line-additions and choice-additions files.

* Indicates that this package is available via a standard Tiger SNI load. Note that it may not already be selected by default.