Making Life Miserable With OS X’s NetInfo Database
While most users don’t really know what goes in and out of their NetInfo database and most would stay away from it (rightfully so), yesterday I found myself digging through settings to change the way one of the SWL network’s eMac’s authenticates on startup. The change ultimately revolves around CUPS (a great way to get older and non-compatible printers to print with OS X) and how a change to a different authentication type in one of the OS 10.3 Security Updates alters the way the CUPS system authenticates with the system. Subsequently, you can’t login to the Admin section of the web interface of CUPS (unless you’re logged in as root, which most users shouldn’t be anyway).
Regardless, making changes to the OS X NetInfo database is something to be done with great care, which I lacked yesterday. after changing my settings, I couldn’t undo those changes, so I just let the system be. This led to loads of joy when one of my users called this morning, on my rare day off, to say “Oh and by the way, none of us can login this morning.” After momentary panic and that epiphany that this was from my own desire to screw around with NetInfo on a live server system, I taxi-ed my way back to work and was luckily able to solve the problem with the Password Reset utility available from the menus when you boot from an OS X Install CD. I’m assuming it overwrote the part of the database that I had messed up or overwrote the entire thing; regardless, it worked.
That being said, throughout this whole thing I learned of some faster bi-directional drivers for CUPS, which one can find at http://www.buymelunch.org/printing/usbtb/ from Tyler Blessing (for what it’s worth, these drivers were a “Blessing” - get it, blessing and Blessing). Also, if any other users are having trouble getting in to the Admin section of CUPS, via the web, this stems from an authentication type change (from ;basic; to ;ShadowHash; if you must really know). Anyone in need of getting in to the Admin section can install and uninstall this patch from Matt Broughton, though HEED THE WARNINGS THAT THIS REMOVES ALL AUTHENTICATION WHEN IT COMES TO CUPS, which is only really an issue if you manage one or more printers on a network or if you deal with highly sensitive data (remember the rule of thumb, CUPS opens ports and any open ports are vulnerabilities).
