Mac Security – Page 2

Active Directory, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Windows Server

Mac OS X: Force LDAP Signing using dsconfigad

September 27, 2008

dsconfigad did not support signing of LDAP packets in 10.4.x. However, this was an upgrade that was introduced in the 10.5 version of the AD Plug-in. Provided that your Active Directory environment uses LDAP signing, a standard policy with DCs, you can mirror your settings on the DC in dsconfigad by using the -packetsigning option followed by either an allow, disable or require variable. To force LDAP signing, just run the following command: dsconfigad -packetsigning required To then disable signing if your environment doesn’t support it use the following command: dsconfigad -packetsigning disable The default variable is allow, which will use LDAP signing when possible.

Read More

krypted
Mac OS X, Mac OS X Server

Better Late than Never

August 16, 2008

New Apple security update. Not that it fixes everything it intends but it’s a good start… http://support.apple.com/kb/HT2647

Read More

krypted
Active Directory, Mac OS X, Mac OS X Server, Mac Security

Mac OS X Server 10.5: Customizing Trust Time for the adplugin

August 14, 2008

You can use the adplugin to customize the amount of time a client is trusted by Active Directory. It can be done by using the following command: dsconfigad -passinterval 30

Read More

krypted
Mac OS X, Mac Security

Mac OS X Server 10.5: Using NATd to turn the Server into a Router

August 12, 2008

There are certain aspects of Mac OS X Server that it just isn’t that great at. One of them is acting as a router. It’s just a fact that an appliance by SonicWALL, Cisco, Watchguard and sometimes LinkSys will run circles around the speed and feature set of Mac OS X Server. So with that in mind, let’s look at how you would go about configuring a basic port forward on OS X Server if you decided not to listen to me on this point… 😉 You can use the /etc/net/natd.plist. The key you’ll want to edit is the redirect_port, one per port or a range of all in one key… …

Read More

krypted
Articles and Books, Mac OS X, Mac Security

DNS Caching and Apple

July 31, 2008

In the article at http://www.macworld.com/article/134793/2008/07/apple_dns.html John Welch goes off on Apple for their delay in the whole DNS Poisoning exploit. It’s kindof amusing…

Read More

krypted
Mac Security

ARD Root Escalation Using AppleScript

June 18, 2008

They can explain it better than me: http://it.slashdot.org/it/08/06/18/1919224.shtml (this has been fixed with the August 2008 Security Update).

Read More

krypted
Mac OS X, Mac OS X Server

Mac OS X: Reset Open Firmware Password

March 18, 2008

To reset the open firmware password you can either reboot while resetting PRAM 3 or more times or just pull out the RAM, reboot and reseat it after the next restart. Have fun with that.

Read More

krypted
Mac OS X, Mac OS X Server, Mass Deployment

opfw

March 13, 2008

You can use the command line tool opfw to set open firmware passwords. It is available for download over at MacEnterprise.org. You can also use opfw to mass deploy open firmware passwords, which is basically what NetRestore does when you use their setting for this.

Read More

krypted
Mac Security

Did you know?

March 12, 2008

Firewire gives direct access to a systems memory.

Read More

krypted
Mac OS X, Mac OS X Server

Mac OS X: Require Password at Single User Mode

March 10, 2008

By default, Mac OS X will simply give you a shell when you perform a Single User Mode startup. However, you can force OS X to ask for a password in order to gain shell access. To do so, vi the /etc/ttys and change secure to insecure. Once you have done so, create a password in /etc/master.passwd for root.

Read More

krypted