In your Mac OS X Software Update:
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Security Update 2003-06-09
- Thread starter MacRumors
- Start date
- Sort by reaction score
Think Secret predicted this update earlier today. They've been freakishly accurate as of late (keep it up!).
But where is the Apache update?
I am curious though as to where the Apache update is. There was a security update in the 2.0.x series (IIRC, from 2.0.44 to 2.0.45) last week that Apple hasn't put in an update yet.
I am curious though as to where the Apache update is. There was a security update in the 2.0.x series (IIRC, from 2.0.44 to 2.0.45) last week that Apple hasn't put in an update yet.
What it means (in brief)
1. Regarding AFP resharing. NFS is a file system. Resharing is means that you can (essentially) "log in" to NFS volumes (hard disks or arrays or whatever) from one machine (a Mac server) and then can republish them over your local network for other client machines as if they were locally connected (e.g. via AFP - Apple File Protocol over TCP/IP). It is a nice feature for enterprise use. Thus, the update addresses a security issue when someone goes from [NFS volume] <----> [Mac server] <----resharing---> [Mac client]. Apparently there was a problem in the resharing section. I don't know exactly what, but I bet it just hits a limited number of installations. However, I would guess those installations have LOTS of users (e.g. large enterprises) which is why this came out -- its important to BIG customers.
2. Kerberos is a network authentication protocol (see http://web.mit.edu/kerberos/www/#what_is), helping provide network security via encryption. LDAP is Lighweight Directory Access Protocol, helping to look up contact info for example from an email program. I haven't looked at this in particular, but you can use Kerberos to make the LDAP connection secure and there was a problem with the bind (part of the connection and setup) here.
For example, you'd go to look up information from Mail (or Eudora or ...) and have selected Kerberos to do the security and sometimes it would not work (if you want to get completely NON technical). ;-)
1. Regarding AFP resharing. NFS is a file system. Resharing is means that you can (essentially) "log in" to NFS volumes (hard disks or arrays or whatever) from one machine (a Mac server) and then can republish them over your local network for other client machines as if they were locally connected (e.g. via AFP - Apple File Protocol over TCP/IP). It is a nice feature for enterprise use. Thus, the update addresses a security issue when someone goes from [NFS volume] <----> [Mac server] <----resharing---> [Mac client]. Apparently there was a problem in the resharing section. I don't know exactly what, but I bet it just hits a limited number of installations. However, I would guess those installations have LOTS of users (e.g. large enterprises) which is why this came out -- its important to BIG customers.
2. Kerberos is a network authentication protocol (see http://web.mit.edu/kerberos/www/#what_is), helping provide network security via encryption. LDAP is Lighweight Directory Access Protocol, helping to look up contact info for example from an email program. I haven't looked at this in particular, but you can use Kerberos to make the LDAP connection secure and there was a problem with the bind (part of the connection and setup) here.
For example, you'd go to look up information from Mail (or Eudora or ...) and have selected Kerberos to do the security and sometimes it would not work (if you want to get completely NON technical). ;-)
Re: What it means (in brief)
Apple's LDAP implementation does not support kerberos. For more info on this bug see cert's reporthttp://www.kb.cert.org/vuls/id/467828.
Apple's LDAP implementation does not support kerberos. For more info on this bug see cert's reporthttp://www.kb.cert.org/vuls/id/467828.
Re: BUG
pretty funny :-DOriginally posted by leo
Some guys found a new bug that came with the update: login by pressing the Log In button doesn't work anymore. You can still log in using the return key, though.
Not that I'd use the button, but...
Apple's LDAP
>Apple's LDAP implementation does not support kerberos. <
Yes it does, see:
http://docs.info.apple.com/article.html?artnum=107579
(For example : "When using a Kerberos login and integration with an LDAPv3 server, a account password may be sent in clear text format. When the authentication authority attribute is not set, Login Window tries to authenticate the account to the configured LDAP server. " One would presume that if one is using Kerberos login with an LDAPv3 server from Mac OS X that then Mac OS X would indeed support the combination of the two.)
http://docs.info.apple.com/article.html?artnum=107543
http://www.apple.com/macosx/jaguar/morefeatures.html
Here is how to config LDAP and Kerberos if you want to see how
http://homepage.mac.com/iclements/Using Kerberos and LDAP.pdf
this is a kind of old document so there may be easier ways to do so with current OS X versions.
>Apple's LDAP implementation does not support kerberos. <
Yes it does, see:
http://docs.info.apple.com/article.html?artnum=107579
(For example : "When using a Kerberos login and integration with an LDAPv3 server, a account password may be sent in clear text format. When the authentication authority attribute is not set, Login Window tries to authenticate the account to the configured LDAP server. " One would presume that if one is using Kerberos login with an LDAPv3 server from Mac OS X that then Mac OS X would indeed support the combination of the two.)
http://docs.info.apple.com/article.html?artnum=107543
http://www.apple.com/macosx/jaguar/morefeatures.html
Here is how to config LDAP and Kerberos if you want to see how
http://homepage.mac.com/iclements/Using Kerberos and LDAP.pdf
this is a kind of old document so there may be easier ways to do so with current OS X versions.
Re: But where is the Apache update?
Maybe because Apple isn't using Apache 2.x in OS X yet? The current version in OS X is 1.3.27.
Maybe because Apple isn't using Apache 2.x in OS X yet? The current version in OS X is 1.3.27.
Re: Re: But where is the Apache update?
Actually Apple uses Apache 2 for Mac OS X server. I think the security update for the server is already posted. I seem to remember the developer website contained the Apple-supplied patches for getting Apache 2 to compile, but I imagine that has long since been put into the Apache codebase.
Actually Apple uses Apache 2 for Mac OS X server. I think the security update for the server is already posted. I seem to remember the developer website contained the Apple-supplied patches for getting Apache 2 to compile, but I imagine that has long since been put into the Apache codebase.
v 2.0 of Security Update 2003-06-09 avaliable in Software Update;
Security Update 2003-06-09 addresses a potential security issue when the Apple Filing Protocol (AFP) is used to reshare a Network File System (NFS) mount. This update also addresses a situation where LDAP bind authentication requests may be improperly sent when using Kerberos authentication.
Security Update 2003-06-09 addresses a potential security issue when the Apple Filing Protocol (AFP) is used to reshare a Network File System (NFS) mount. This update also addresses a situation where LDAP bind authentication requests may be improperly sent when using Kerberos authentication.