Archive for December, 2005

Its a new year (coming) and it has been a long time since I did an update of OSXPASS. I hadn’t made changes pre-Tiger hoping that Apple would come up with a solution and include it with Tiger. But, alas, that didn’t happen. So, I am embarking on doing an updated version of OSXPASS. This email is a request for comment and feedback. I’d like any information that might help guide me in the next version. And, if anyone has experienced problems, noted any security concerns, etc I’d like to hear about it. (I have thick skin.)

The sudo (superuser do) command is a very useful and powerful part of the OS X unix underpinnings. It gives the ability for certain users to execute some or all commands as root while logging these activities providing a clear bread-trail of who did what to the machine.

By default only an administrative user can use sudo on any OS X machine, but with some modification of the sudoers file, you can grant specific machines and/or users access to sudo some or all of their commands.

Read on for more…

The gist of it is this: there will be no Tiger edition of my book.

The Panther version took me a year and a half to write. I’ve been working on the tiger version less than a year, and it was projected to be 30% longer. For some reason timelines this time around were shorter, and the choice came down to sacrificing depth or canceling the project. I chose the latter. I proposed a third option, but it didn’t fly:

Apple has a team of tech writers and their docs still lack depth and in many cases understanding of how this technology is deployed in IT-centric markets. (ie command usage statements that don’t add much understanding and don’t highlight the command’s most typical usage). Therefor I think that any sort of in-depth documentation of Mac OS X or Mac OS X Server should really be a team effort. What I wanted to see was a Mac OS X IT Bookshelf from O’Reilly, with contributions from some of the more cognizant thinkers in various aspects of Mac OS X and Mac OS X Server System Administration. This bookshelf would cover Mac OS X Server, Mac OS X, XSan, etc all at the same level my book was written that.

As a less aggressive goal I also offered to break up the book into several titles (each section into its own book). In either case, O’Reilly didn’t perceive demand. I don’t understand that decision, but they’re within their rights to make it.

Tiger includes a nicely-integrated Jabber server, but for those of us who have not yet upgraded, here’s the trick to getting jabberd running on Panther.

I want to send an email to users letting them know that their password is about to expire (we have them set to expire after 30 days, so this happens frequently). Tinkering with our Tiger server, it seems that mkpassdb doesn’t provide any useful data. Neither does pwpolicy. Using:

pwpolicy -a adminusr -p adminpwd -u sbrown -getpolicy

always returns (no matter what user or expiration)

expirationDateGMT=12/31/69

as its result. Is there any easy way to get this information that works with Tiger? Am I not using pwpolicy correctly?

BTW, I saw a post here where someone mentions that with AD, UAM, and ActiveX it may be possible to get this info, but we aren’t using AD.

Read on for one possible answer…

Some of you may be familiar with CMS solutions like Mambo and Joomla. Very cool, very easy to set up etc. Until you get to Tiger.

Well go to do that on a Tiger Server and am running into an issue between PHP and MySQL. I can login into MySQL, create a database, assign privs etc. When I got to link the db to Joomla, the PHP says the username and password are wrong.

This is using MySQL 4.1 and the default install of PHP on 10.4.3. I came across some postings about the socket location changing from /tmp to /etc, but nothing real concrete. One suggestion was to move to PHP5.

Any thoughts?

Read on for thoughts on a solution…

Apple has put up a nice bit of documentation on their developer site on some the more advanced topics that systems administrator may be interested in.

Topics covered include Kerberizing the Mac OS X VPN Server, Creating Mail Account Bundles, Setting Up a Network Library, Setting Up Key-Based SSH Login and Incorporating User Images in Open Directory.

All of this material is available for reading directly on their site, or you can download the PDF for on the road/plane reading material.