(Mountain) Lion - OS X (10.8.x) 10.7.x

How to completely uninstall Java from OS X.

sudo rm -rf /System/Library/Java/JavaVirtualMachines/*.jdk

sudo rm -rf /Library/Java/JavaVirtualMachines/*.jdk

sudo rm -rf /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin
sudo rm -rf /Library/PreferencePanes/JavaControlPanel.prefpane

If you need Java 6 Web Start, you can re-enable it. If you have already uninstalled it, you have to download the latest Java 6 installer from Apple (e.g. http://support.apple.com/downloads/DL1572/en_US/JavaForOSX2013-001.dmg) and install it.

Please be aware that Java 6 has some critical security issues! This is a workaround for people who know what they are doing. You shouldn't use this workaround to browse the internet daily - IT'S INSECURE!

sudo mkdir -p /Library/Internet\ Plug-Ins/disabled
sudo mv /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin /Library/Internet\ Plug-Ins/disabled
sudo ln -sf /System/Library/Java/Support/Deploy.bundle/Contents/Resources/JavaPlugin2_NPAPI.plugin /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin
sudo ln -sf /System/Library/Frameworks/JavaVM.framework/Commands/javaws /usr/bin/javaws
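
To see which state a machine is in after the steps above (Java fully removed, or the Java 6 plug-in workaround still active), the following audit can be used. It is an added example, not part of the original notes; the function name java_audit and its optional root-prefix argument are assumptions, and the paths are the ones listed above.

```shell
#!/bin/sh
# Added example: report Java leftovers and whether the Java 6 plug-in
# workaround is active. java_audit and its ROOT argument are hypothetical;
# ROOT lets the check run against a mounted volume instead of the live system.
# Usage: java_audit            (live system)
#        java_audit /Volumes/Backup

java_audit() {
    root="${1:-}"
    root="${root%/}"              # "/" or "" -> "", so paths join cleanly
    findings=0

    # JDK bundles that the uninstall commands remove.
    for dir in /System/Library/Java/JavaVirtualMachines \
               /Library/Java/JavaVirtualMachines; do
        for jdk in "$root$dir"/*.jdk; do
            [ -e "$jdk" ] || continue     # unmatched glob stays literal
            echo "JDK present: ${jdk#"$root"}"
            findings=$((findings + 1))
        done
    done

    # Browser plug-in: a symlink here is the Java 6 workaround.
    plugin="$root/Library/Internet Plug-Ins/JavaAppletPlugin.plugin"
    if [ -L "$plugin" ]; then
        echo "WORKAROUND ACTIVE: plug-in links to $(readlink "$plugin")"
        findings=$((findings + 1))
    elif [ -e "$plugin" ]; then
        echo "Plug-in present: ${plugin#"$root"}"
        findings=$((findings + 1))
    fi

    # Remaining pieces: preference pane and the javaws launcher link.
    for item in /Library/PreferencePanes/JavaControlPanel.prefpane \
                /usr/bin/javaws; do
        if [ -e "$root$item" ] || [ -L "$root$item" ]; then
            echo "Present: $item"
            findings=$((findings + 1))
        fi
    done

    if [ "$findings" -eq 0 ]; then
        echo "clean"
        return 0
    fi
    return 1                      # at least one finding was printed
}
```

The function returns 0 and prints "clean" when none of the listed paths exist, and returns 1 with one line per finding otherwise.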

Apple blacklists the old Java 6, so you have to comment out its entry in the following file. Apple may reset that file after an update; just comment the entry out again if you run into trouble starting Java 6 Web Start objects again.

sudo vi /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist	
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
        <string>Thu, 31 Jan 2013 04:41:14 GMT</string>
                        <key>com.macromedia.Flash Player.plugin</key>

(Snow) Leopard - OS X (10.6.x) 10.5.x

Display the directory path in the Finder window's title bar
defaults write com.apple.finder _FXShowPosixPathInTitle -bool YES 
Clear the user immutable flag
chflags -R nouchg [file or directory]
Enable Disk Utility Debug mode
defaults write com.apple.DiskUtility DUDebugMenuEnabled 1


OpenDirectory with self signed certificates

To accept self signed certificates on the Client side, you have to edit the /etc/openldap/ldap.conf:


Adding a Client machine to the OD isn't possible

Reset the Kerberos keychain and the certificates.

  1. In the Utilities folder, open Keychain Access. In the System keychain, find and delete the three com.apple.kerberos.kdc entries - a certificate and a public/private key pair generated from that certificate.
  2. In Terminal, run 'sudo rm -fr /var/db/krb5kdc' - this will destroy the local KDC database.
  3. In Terminal, run 'sudo /usr/libexec/configureLocalKDC' - this will regenerate the local KDC database, including a new certificate and SHA1 hash.
  4. Bind the machine to OD.


SSH authentication via Kerberos

On the client, edit /etc/ssh_config to contain:

GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
GSSAPIKeyExchange yes

SWUPD (Software Update Daemon)

Use a different (internal) server instead of Apple's.

sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "http://new.url_or_ip.de:8088/index.sucatalog"
Add files to logrotate, create a new setup in:


Prepare for a clean OpenDirectory setup

Set Hostname for a clean OpenDirectory setup.

sudo scutil --set HostName <putinyourhostname_or_fqdn_here>

Check the correct DNS and PTR settings.

changeip -checkhostname


List Principals

sudo kadmin.local -q listprincs

Add Principal

krbservicesetup -r [REALM] -a [diradmin] -p [password] [service] afpserver/server.url.de@KERBEROS.REALM.DE


kadmin.local -p diradmin -q "addprinc -randkey universaltype/afp.intern@OD.INTERN"

Create Keytab

kadmin.local -p diradmin -q "ktadd -k /Users/Shared/universaltype.keytab universaltype/afp.intern@OD.INTERN"

SWUPD (Software Update Daemon)

Doesn't work

Check if the link /usr/share/swupd/html/index.sucatalog is correct. If not create a new one.

 sudo ln -s /usr/share/swupd/html/content/catalogs/index.sucatalog.apple index.sucatalog

If some updates are stuck, remove the whole download directory:

rm -rf /var/db/swupd/html

Behind a Proxy

  1. Stop SUS.
  2. Copy /System/Library/LaunchDaemons/com.apple.swupdate.sync.plist somewhere
  3. Edit as root and add to the end:




Windows Client errors

"Not Enough Free Disk Space"

Edit /etc/smb.conf and add:

 mangled names = no
Users can't log in anymore

Check for extended attributes in the clients home directory:

ls -la

@ means extended attributes.

If the files in the user's home directory have extended attributes, you have to edit /etc/smb.conf, disable the “stream support” setting and change the “vfs objects” setting.

vfs objects = darwinacl, darwin_streams
; The darwin_streams module gives us named streams support.
stream support = yes
ea support = yes

Replace with (i.e. remove darwin_streams):

vfs objects = darwinacl
; The darwin_streams module gives us named streams support.
stream support = no
ea support = no 

PHD (Home Directory Sync)

Speedup Sync

Cleanup the sqlite Database

sqlite3 ~/.FileSync/store.filesyncstatetree "vacuum;"


sqlite3 /path/to/nethome/.FileSync/store.filesyncstatetree "vacuum;"