Picking up where we left off with Jenkins, let’s look at one possible workflow to get autopkg projects working. Specifically when paired with Munki, this requires a bit more thought, but the Jenkins ‘workspace’ model and sane use of variables allows us to make one all-purpose script for most contingencies […]Read more›
If you are in an AD environment and computer names come from somewhere else in your organization, it may be inconvenient when trying to quickly prepare a new machine. DeployStudio has a form workflow step to set some information you’d like customized for the computer, including the local name(for Bonjour) and […]Read more›
UPDATE January 20, 2015 – Some are reporting an opendirectoryd-related fix, featuring the very cool-looking darwinup. Let’s hope it makes it into .2, and we’re not all chomping at the bit for 10.10.3! People are noticing a symptom, branded LoginLockout (credit @andrewrose), where Yosemite seemingly freezes during startup. The keyboard shows […]Read more›
After some undocumented options were found in the asr tool, Greg Neagle started digging around some other commands to see if he could find any other hidden options. The result of this interest has lead to some methods for finding hidden options in any command, although his specific example involves softwareupdate. […]Read more›
Twocanoes Software has released some really cool utilities today as open source software. So far, they have released an app called Salute that lets you lock your screen using Control-Command-Delete, one called Audit that lets you configure and read OpenBSM logs and Debug which lets you enable and disabled debug logging from […]Read more›
Labman will be celebrating it's 11th Year at Northampton Community College on June 7th – 9th, 2010
Labman continues to be a low-key, inexpensive, and friendly conference intended for persons who are involved in the maintenance of computing labs in higher education, K–12, or library facilities. We are looking forward to the continued enhancement of the content shared an presented each year by fellow lab managers.
Please see http://www.labmanconference.org/ for more information. We have some great events lined up and look forward to seeing old and new faces this year.
I will quickly note that I have attended 8 LabMan conferences over the years and hosted 1 of them. I have found them to be both enjoyable and useful while being a fairly "cheap date" – even the one I got to stress out about while hosting . I encourage folks to seriously consider going, especially if you are out on the East Coast.
Tom "Macintosh Doctor" JohnsonRead more›
When creating an image, you typically have user creation as part of the build process. If you're doing this as part of a install and capture (aka the "Old Way") you simply create the user as part of the Setup Assistant, or use SysPrefs after the install to set it up.
Under Leopard, we have the very intriguing possibility of simply creating a series of files in the /var/db/dslocal folder structure that is very friendly for reproducing. This is especially handy for a package based, non-interactive imaging process like our friend InstaDMG. The problem is creating the password. You obviously can't run the passwd(1) command since that will change passwords on the existing machine. You need to create a shadow hash file that contains the password. In leopard and tiger, this file contains possibly quite a few password types, but the standard type is a salted SHA1 digest of the password (the salt is a random 4 byte integer).
Most people in the past have simply created a new account with the associated password, and saved the resuling hash file in the folder. This is nice, but can result in a shadow file that is consistant for all times. Since the hash is salted with a random integer, we can generate a new hash anytime we want, but will still have the same password. This way, over time, even if the passwords are the same, the hashes will be different. This is why if you compare a hash file with the same password, you still may get very different hashes.
I have created a simple PHP script that takes 1 parameter, a string password. It will then output a string that is suitable to be saved as a password hash file to standard output. The resulting string could be redirected to a file whose name is the GUID of the user who's password you wish to save. This hash file is valid for 10.4 and 10.5
In the future, I plan on making a script that automates the creation of this directory structure so it is suitable for packaging/automation with a non-booted volume. Obviously if this was a
booted volume, you'd just use dscl/passwd and be done with it.
Check out the script here
Comments/suggestions welcome.Read more›