Archive for August, 2008

Becoming a CSA to sign SSL certs for Open Directory Replicas

If you have an Open Directory infrastructure and you want to secure the connections between clients and Open Directory services using SSL, the simplest solution is to purchase SSL certificates and install one on your Open Directory Master and on each Replica. However, each server will require its own certificate. In this article, we'll look at how to create a Root Certificate Authority and how to create and sign certificates for your Open Directory Master and Replicas.

Read on for more…


Using host principals to secure connections to 3rd party KDCs

If you are in an environment where you are integrating Mac OS X with a 3rd party KDC, you already know about the builtin:krb5authnoverify addition to your /etc/authorization. But did you know that you can use the builtin:krb5authenticate option to provide better security by ensuring that your KDC is not being spoofed? Are you safe from the "Zanarotti attack"? Read on to find out how to get it set up and running.


Securing Mac OS X 10.5 Leopard White Paper Released

Corsair has updated their series of "Securing Mac OS X" white papers to include "Securing Mac OS X Leopard (10.5)". This is an update of the Tiger version to include "the new security features offered by Mac OS X Leopard."

You can find this, previous versions, and others on their Technical White Papers page. You can download the Leopard PDF directly here.


Easily change your default NetBoot image from the command line

If you've ever tried using the command line to change the default NetBoot image on your OS X Server, you know that it can be a pain in the butt and have probably resigned yourself to just using the GUI — even though it takes seven clicks (from initial launch of Server Admin) to do it.

Because of the numerous times I've wanted to change the default NetBoot image while away from my admin tools — not to mention my increasing distaste for those seven clicks — I came up with a script that makes switching the default NetBoot image from the command line dead simple.

You can read more about it here (including how to install and use it) or download it directly here.
