Archive for March, 2019

Building an installer package for Privileges.app

March 20, 2019 11 comments

One of the open-source contributions by the Apple@SAP team has been Privileges.app, a tool designed to grant or take away administrator rights from accounts on macOS. The general idea behind Privileges is that it allows people to work with the account privileges of a standard user for day-to-day use, but allows them to get administrator rights when needed.

Documentation for Privileges.app can be found in the GitHub repo which hosts it, available via the link below:

https://github.com/SAP/macOS-enterprise-privileges

However, one item not included in that documentation is how to package it for deployment. Instead, AutoPkg recipes were written and made available to automate the packaging process:


computername:~ username$ autopkg search com.github.rtrouton.Privileges
Name                        Repo               Path
----                        ----               ----
Privileges.munki.recipe     apfelwerk-recipes  Privileges/Privileges.munki.recipe
Privileges.install.recipe   rtrouton-recipes   Privileges/Privileges.install.recipe
Privileges.munki.recipe     rtrouton-recipes   Privileges/Privileges.munki.recipe
Privileges.jss.recipe       rtrouton-recipes   JSS/Privileges.jss.recipe
Privileges.pkg.recipe       rtrouton-recipes   Privileges/Privileges.pkg.recipe
Privileges.download.recipe  rtrouton-recipes   Privileges/Privileges.download.recipe

To add a new recipe repo, use 'autopkg repo-add <repo name>'
computername:~ username$

However, not everyone is able to use AutoPkg in their environment, so manual packaging instructions are now available here. For more details, please see below the jump:

Checking the SSL certificate used by an Active Directory domain controller

March 19, 2019 2 comments

Yesterday, Jamf sent out the following notification in advance of the release of Jamf Pro 10.11.0:


This message is to inform you of security enhancements coming in Jamf Pro 10.11.0 that affect the Jamf Infrastructure Manager and LDAPS.
Effective in the upcoming release of Jamf Pro 10.11.0, Jamf Infrastructure Manager instances will need to be re-enrolled in order to continue to function with Jamf Pro Server 10.11.0 and later. If you are on 10.9.0 or earlier, you will need to upgrade to version 10.10.1 and re-enroll Infrastructure Manager instances before upgrading to 10.11.0.
Re-enrollment can be accomplished using the following methods:
For Infrastructure Manager on Windows, run the installer
For Infrastructure Manager on Linux, run the command to re-enroll
Additionally, any LDAP server connections using LDAPS will require that the hostname of the LDAP server match the Common Name (CN) on the certificate that is uploaded to the Jamf Pro Server. A mismatch will prevent communication between the LDAP server and Jamf Pro Server.
For additional assistance with this process, please contact Jamf Support via Jamf Nation or support@jamf.com.

One part of the message which caused some concern is this section:

Additionally, any LDAP server connections using LDAPS will require that the hostname of the LDAP server match the Common Name (CN) on the certificate that is uploaded to the Jamf Pro Server. A mismatch will prevent communication between the LDAP server and Jamf Pro Server.

What’s being referred to here is what’s known as an SSL hostname mismatch error, which is a sign that the SSL certificate being used to secure the connection isn’t configured correctly. But how can you tell whether this applies to the SSL certificate used on an Active Directory domain controller? For more details, please see below the jump.
