We just got in a MacBook Air for testing, and for the heck of it, I decided to see if I could boot it off of my 10.4.11 Intel utility disk. To my surprise, it booted without kernel panicking and it looks like a lot of core functionality works (the screen, touchpad, keyboard, etc.) I wasn’t able to test the wireless networking where I was, wired networking was not available due to the fact that the utility drive was using the only USB port, and I’m sure things like the keyboard backlight don’t work, but it does look like I’d be able to use my current 10.4.11 utility drive to fix problems on the Air.
I’ve been going through some old emails as part of some general email tidying and archiving, and I realized that I haven’t gotten a “Could you unlock my account?” email in quite a while. Last year, starting with Mac OS X Server 10.4.7, I stopped setting up local accounts on my Mac servers and started tying them into the same directory service that the PCs and email servers use. Looking over my old emails, I realized just how much work went into my setting up accounts, resetting passwords when people locked themselves out, making sure password rules were followed, figuring out the best way to send someone their password securely, maintaining password change websites on those servers, etc., etc., etc.
Now, it’s much better. Distributing passwords is pretty simple, as I can just tell them “Your login and password for the server are the same ones that you use for your email.” I don’t know what that password is (which is better from a security standpoint anyway), but they should. Even better, when they change their email password, they know to use the same password for the server. (If they don’t, that’s when I’ll get an email and all I have to do then is remind them of that fact.) Also, if someone manages to lock themselves out of my server, they’ve locked themselves out of everything. Email, their PC (if they use one), the intranet, the whole shebang. Which means I’m probably not the one getting the call to unlock them as the call should be shunted to the Accounts folks. Even better, once they’re unlocked, their server access automatically unlocks as well. It especially helps with account maintenance, as once they’ve left, their access on my server goes away too. Nice, neat, and no more “Could you unlock my account?” emails.