Articles by: Timothy Perfitt

Apple FIPS Cryptographic Module v1.1 posted

Apple has posted the Apple FIPS Cryptographic Module v1.1 and has an associated "How to set up and maintain a FIPS-enabled OS X Lion system" kbase.  FIPS validation is a certification program by NIST (National Institute of Standards and Technology) to verify cryptographic modules.  It appears from here that the CDSA module is 140-2 level 1 certified. For those not versed in the dark details of FIPS certification, Wikipedia defines 140-2 Level 1 as "all components must be "production-grade" and various egregious kinds of insecurity must be absent".

 The interesting piece to all this is in the "additional information" section of the "How to set up and maintain a FIPS-enabled OS X Lion system" kbase:

"OS X Lion security services are now built on a newer "Next Generation Cryptography" platform and have transitioned from the CDSA/CSP module previously validated on Mac OS X v10.6. However, Apple has re-validated the same CDSA/CSP module under OS X Lion to provide continued validation solely for third-party applications."

 So Lion is not FIPS validated, but the CDSA on Lion is, but only 3rd party apps use it.  Clear?

Read more

Update: WWDC 2012 Tickets Sold out!

Well, that was fast.  WWDC 2012 tickets sold out in record time!  Hopefully you got yours, but if not, there is always the videos.  Now we just need to wait to hear the screams from the folks on the West Coast and as they wake up and realize what happened.  Not to mention our friends in Australia and Asia!

Read more

WWDC 2012 Tickets Available!

WWDC 2012 has been announced for June 11-15, and tickets are now available!.  Run, don't walk, to and grab yours now.  Every year it sells out faster, and this year should be no exception. is in the planning stages for some cool stuff around WWDC, so stay tuned.  Now head over to and get your ticket already!

Read more

Becoming a CSA to sign SSL certs for Open Directory Replicas

If you have an Open Directory infrastructure, and you want to secure your connections between the client and Open Directory services using SSL, the simplest solution is to purchase SSL certificates and install the certificate on your Open Directory Master and each Replicas.  However, each server will require its own certificate.  In this article, we'll look at how to create a Root Certificate Authority and how to create and sign certificates for your Open Directory Master and Replicas.

Read on for more…

Read more

Using host principals to secure connections to 3rd party KDCs

If you are in an environment where you are integrating Mac OS X with a 3rd party KDCs, you already know about builtin:krb5authnoverify addition to your /etc/authorization.  But did you know that you can use the builtin:krb5authenticate option to provide better security by assuring that your KDC is not being spoofed?  Are you safe from the "Zanarotti attack"?  Read on to find out how to get it set up and running.

Read more

Using avelsieve to edit Sieve filters in SquirrelMail on 10.5

Leopard Server has all of the pieces installed for sieve filters for server-side mail filtering, but if you want to use the SquirrelMail filter interface to allow users to add filters, then you have to do a little work.  We've provided a pkg to install the avelsieve package that allows you to install it the plugin to SquirrelMail, but it is a bit incompatible with 10.5 Server.  

Read on to see how to resolve it….

Read more

Creating a Network Enabled BartPE disk for Intel Macs

So you got your Macs all pimped out with a bootcamp partition and dual boot.  However, what do you do when you start having problems with Windows partition and want to edit some system files, do a virus scan without being booted from that Windows partition, or do repairs on an unstable system?

BartPE allows you to create a bootable CD that contains just enough of Windows XP to get you up and running you to do some diagnostics on your Windows partition.  You still have to have a Windows XP license to create a BartPE disk, but if you are repairing a Windows install, then you probably already have the license.

The one drawback to a generic BartPE CD is that networking does not
work on Intel Macs due to missing network drivers.  We know that these
drivers are on the BootCamp driver disk, but since they are all
executable (.exe) files, it is difficult to know how to include them.

walk through the steps of creating a BartPE disk with network drivers
so that you'll be able to boot up from the CD and have read/write
access to the NTFS partition. 

Click Read More to see the steps to create the CD.

Read more

convert postfix-watch to full blown postfix on X Server

This is a tale about getting rid of postfix-watch.

Read more