Meeting Notes - Apr 17, 2002

By: Mikio Moriyasu - Revised: 2006-10-05 devin


What's New by James Reynolds

Software Notes
  • Maya Complete, formerly priced at $7,500 will now sell for $1,999
  • Maya Unlimited, which formerly sold for $16,000 will be priced at $6,999.
New Hardware
Apple Cinema HD Display, an all-digital 23-inch flat panel display with 1920 x 1200 pixel resolution, enough to view High Definition Television (HDTV) content with room to spare.

Retail News
Rebates (Good through June 30)
  • Laptop and an AirPort base station get $100 rebate
  • Power Mac and 17-inch screen save $200
  • Power Mac and 22-inch display save $300.
Problems
  • Possible auto-execution vulnerability on the Mac? Malicious web-page automatically downloads disc-image, StuffIt auto expands and mounts the disc-image, Mac OS (QuickTime) executes the malicious program.
  • Retrospect 5 Notes:
    • Retrospect 5.0 Desktop Backup for OS 9 requires that you use Retrospect 5.0 clients-only?
    • 'Workgroup' version (20 remote clients) needed to run on AppleShare IP Servers or Mac OS X Servers ('Desktop' version no longer works).
    • SuperDrive cannot use CD-RW media for Retrospect backup.
    • SCSI cards that use to work with Retrospect 4 don't work with Retrospect 5.
    • Many other problems.
Upcoming Events
  • Apple's Worldwide Developers Conference (WWDC) 2002, May 6-10 in San Jose, CA http://developer.apple.com/wwdc2002/
  • MacHack Conference, June 20-22 in Dearborn, MI http://www.machack.com/
  • Macworld Expo NY, July 15-19 in New York, NY http://www.macworldexpo.com/
  • NECC (National Education Computing Conference), June 17-19 in San Antonio, TX http://www.neccsite.org/
  • Summit in the Rockies QuickTime VR Conference, May 14-16, 2002 in Boulder, Colorado http://www.iqtvra.org.
James' entire presentation including a complete list of new Apple and third-party software since March, new Apple hardware releases, Apple retail news, and other Apple related topics can be found on the main Mac Managers web site at: http://www.macos.utah.edu or you can click here.

Integrating Mac OS X and Netware 6 by Dan Sinema

Requirements
Netware 6
  • Native File Access Pack
  • Macintosh Support required
  • UNIX support recommended
  • NOTE: At this point turn on clear text passwords in LDAP
Mac OS X
  • Mac OS X 10.1.3 (Can be done with OS X 10.1.2 but there are limitations)
  • Mac OS X 10.1.3 fixes a bug with the LDAP Plug-in
Modifications
Schema Modifications to Netware
  • Mac OS X XML home directory path
  • Mac OS S home directory path UNIX style (forward slash & no colons)
  • From the root of the machine where they are mounted:
  • Mounts class may go away (tie other things into auxiliary user objects)
  • vfsdir - where to mount the volume
  • vfsopts - multivalued url string (Log in AFP string usually a "guest" password on initial login)
  • vfxtype - format of "opts"
  • NOTE: Above three tell where Mac OS X volume is, where to mount it and how to mount it.
Mac OS X Modifications
  • Directory Setup set to "On"
  • Map paths
Helpful Tools
  • Ldapper from Balyor University: http://www3.baylor.edu/~Carl_Bell/ReadMeFiles/LDapper.html
  • LDAP browsers using Java client
What About OS 9.x?
  • Must have OS X Server
  • Setup LDAP on OS X Server
  • Use mac manager (“all other users”)
  • NOTE: home directly does not have to be on OS X server.
Other Points
  • Some administrators have put in separate directories for Faculty, Staff and Students.
  • The System Preferences can be set so that during login, the name is not automatically selected and entered from a users list. In the "Login Panel" option, activate the option that forces users to enter their login names.
  • Under this system, the user preferences are located in the Library folder. As the user moves from machine to machine, his preferences move with him.
  • The Desktop and Library folders are the only ones that are immediately available in the "out of box" configuration. Anything else that is to be part of each users account will need to be created and assigned by the System Administrator.
  • SSL is a protocol that encrypts LDAP version 2 (or other) traffic. This is needed by some users as LDAP v2 uses cleartext passwords. LDAP v2 will work with a password application called "SSL Enabler". The Application gives "S-Tunnel" users a GUI control panel which can be configured to do LDAP queries of SSL. This is a Temporary fix until LDAP version 3 becomes available to OS X users. The current setup, by itself, will not changes to passwords that can be encrypted.
Dan's presentation provided a very brief overview of how you would integrate Mac OS X and Netware 6. If you have any additional questions or would like information regarding specific issues or topics regarding the integration of Mac OS X and NetWare 6, you can contact Dan at dsinema@apple.com

Apple is working on publishing a document that covers this subject. When it is finished, it will be made available at http://www.macosxlabs.org in the "Documentation" section. The LDAP file will also be available for download at this site.

Mac Hardware Volume Purchase by Richard Glaser

Introduction
A coordinated volume purchase with University of Utah departments and groups that was started back in 1999.

In most instances, the final unit price is $300-$500 less than list. So far, it has saved the University roughly $185,000.
  • 2001 - $ 110,000 ($500 off list)
  • 2000 - $ 45,000 ($289 off list + RAM discount)
  • 1999 - $ 30,000 ($189 off list)
Timeframe
In the past, systems were purchased in May or June. Apple usually announces new hardware releases at:
  • WWDC - May 6th-10th, 2002
  • MacWORLD NY - July 15th-19th, 2002
As a result, those involved do not get the latest, greatest hardware but what is purchased is installed, tested, and running before the start of the semester.

Possible Configurations
iMac - all configurations
  • iMac 700MHz w/CD-RW Drive
  • iMac 700MHz w/ComboDrive
  • iMac 800MHz w/SuperDrive
Power Mac G4
  • Power Mac G4/733MHz
  • Power Mac G4/800MHZ
Issues
  • Expandability - Is this important? What do you need expandable?
  • Hard Disk Size - 40GB, 60GB, 80GB, larger?
  • Memory - 128 MB, 256 MB 512 MB, more?
  • Processor - PowerPC G4 at 700MHz, 733MHz, 800MHz, faster?
  • Removable Media - Floppy, ZIP, CD-RW, ComboDrive, SuperDrive, Other?
  • Video Card - ATI Radeon 7500, NVIDIA GeForce4 MX, and NVIDIA GForce2 MX
iMac G4 - The New Kid on the Block
  • Bus Speed - 100 MHz
  • Display - Built-in 15-inch (viewable) TFT active-matrix
  • Hard Disk - 40GB or 60GB Ultra ATA
  • Processor - PowerPC 700 or 800 MHz
  • Storage - CD-RW, ComboDrive or SuperDrive
  • Video Card - NVIDIA GeForce2 MX
  • Pro’s
    • All in one design
    • Small space requirements
    • 15-inch LCD brighter less space
  • Con’s
    • All in one design
    • Not as upgradable or expandable
    • Bus speed is 100 MHz versus 133 MHz?
    • Easy access to RAM, need to secure access
    • 15-inch LCD take lab abuse versus CRT?
  • Purchase with Applecare
Miscellaneous
Laptop Volume Purchase? Is there enough interest?
  • Need roughly 30+ to pursue
  • iBook ($ 1,099 - $ 1,699 list)
  • PowerBook G4 ($ 2,069 - $ 3,329 list)
Other hardware?
  • Airport Base Stations/Cards
  • iPod
  • Others?
Software Volume Purchase?
  • Is there enough interest?
  • Mac OS X
  • Final Cut Pro
  • iDVD Studio
  • Others?
Questions or Comments
  • Graphics cards - Evaluations of available cards will come later once the research is done.
  • End of the second quarter is when Apple wants to get last year's hardware out the door. As a result, good will start to appear around June 30th.
  • Time is factor especially if purchases want to gamble on new and substantially better hardware being announced in July.
  • Minimum purchase is 100 units of same configuration.
  • Extra discounts on separate or specialty machine configurations are possible if the order goes in on the same Purchase Order.
  • CRT issues - Do we want to have them bundled with the CPU’s again? Mitsubishi monitors were not all that well received.
  • What about purchasing third-party LCD displays? There is a big cost factor in buying these displays.
If you are interested in participating in this year's volume purchase, interested in information regarding Apple educational pricing or hardware configurations, or if you want to meet with Mark Linnell, the Apple sales representative for educational sales in Utah, please contact Richard Glaser here.

Those departments, groups, and individuals participating will need to submit to Richard, estimates of numbers and machine configurations as soon as possible.

Mac OS X Security By James Reynolds

Security should be the number one concern when deploying a Mac OS X lab. Because Universities are commonly targeted and because of Unix's power, it is paramount that a lab of Unix computers do not get compromised. While out-of-the-box Mac OS X is a very secure compared to other UNIX operating systems, Mac OS X is not secure against a user sitting at the computer. In the case of a lab where most users are not trusted. This means that extra measures need to be taken to make Mac OS X more secure.

James' presentation was based on a larger, more detailed evaluation of Mac OS X security issues that is being conducted as part of the Higher Education Mac OS X Lab Deployment Initiative. When completed, the full evaluation will be available for viewing at http://www.macosxlabs.org in the "Documentation" section under the heading "Security of Lab Machines".

Mac Administrator & Kerberos Authentication By Mike Kimball

Mac Administrator is a system management tool from Hi-Resolution Systems that is designed to give system administrators the ability to remotely conduct a administrative, maintenance, management, monitor, and security functions on either individual machines or groups of machines. Mac Administrator does not possess built-in authentication services but it is designed to work in concert with other applications designed specifically for that purpose.

One such authentication application is Kerberos. Developed by MIT, Kerberos provides security on physically insecure networks. It essentially allows users to validate their identity to a server or other computer system whereby they can have access to that computer's services. It also protects password information transmitted over the network by using a standard encryption-based authentication technique.

Mike's presentation was based on a larger, more detailed evaluation project he is currently working on as part of Student Computing Mac Support's transition to Mac OS X with authentication services. Eventually, a series of web pages documenting this project and covering operational requirements, client machine integration, deployment strategies, and resources will be made available at the main Mac Managers Website at: http://www.macos.utah.edu or you can click here.

Other Issues

A few additional issues were brought up during the course of the meeting:
  • Richard and James will be attending this year's WWDC conference in May. If there are any issues that you would like them to inquire about or if there is a session that you would like for them to attend, please let them know here. Conference schedules and session topics are available on the web at http://developer.apple.com/wwdc2002/
  • If there is a topic you would like to see discussed at a future Mac Managers Meeting, please let us know here.