[Fed-Talk] Trouble with CITRIX 10.0 Beta and CAC (UNCLASSIFIED)
[Fed-Talk] Trouble with CITRIX 10.0 Beta and CAC (UNCLASSIFIED)
- Subject: [Fed-Talk] Trouble with CITRIX 10.0 Beta and CAC (UNCLASSIFIED)
- From: "Wright, Gary \"Seth\" Mr /ASD, Inc." <email@hidden>
- Date: Mon, 19 Nov 2007 08:51:00 -0600
- Importance: normal
- Priority: normal
- Thread-topic: Trouble with CITRIX 10.0 Beta and CAC (UNCLASSIFIED)
Classification: UNCLASSIFIED
Caveats: None
To All,
I am still unable to log into CITRIX Beta Client 10.0 with my CAC. When the new version of CITRIX was released I was under the impression that it would work with any Gov't issued CAC. Then I heard it through the grapevine that the OS X update for Tiger: 10.4.11 had to be installed before the new CITRIX would play well with all CACs. Well the update has been released and I installed it and tested the new CITRIX client again. Still no luck. Does anyone have any guidance?
Thanks,
email@hidden
-----Original Message-----
From: fed-talk-bounces+seth.wright=email@hidden [mailto:fed-talk-bounces+seth.wright=email@hidden] On Behalf Of email@hidden
Sent: Sunday, November 18, 2007 2:05 PM
To: email@hidden
Subject: Fed-talk Digest, Vol 4, Issue 284
Send Fed-talk mailing list submissions to
email@hidden
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.apple.com/mailman/listinfo/fed-talk
or, via email, send a message with subject or body 'help' to
email@hidden
You can reach the person managing the list at
email@hidden
When replying, please edit your Subject line so it is more specific than "Re: Contents of Fed-talk digest..."
Today's Topics:
1. Re: Macs getting Flagged (UNCLASSIFIED)
(Williams, Earl M CIV SPAWAR, SSC-SD 246210)
2. Re: Macs getting Flagged (UNCLASSIFIED) (Joel Esler)
3. Re: Macs getting Flagged (UNCLASSIFIED) (Joel Esler)
4. SMB --> Samba & smbfs (Shawn A. Geddis)
5. Image optimization glitch with Iweb
(Villano, Paul Ch CIV USA TRADOC)
----------------------------------------------------------------------
Message: 1
Date: Sat, 17 Nov 2007 15:00:20 -0800
From: "Williams, Earl M CIV SPAWAR, SSC-SD 246210"
<email@hidden>
Subject: Re: [Fed-Talk] Macs getting Flagged (UNCLASSIFIED)
To: "Apple Fed Talk" <email@hidden>
Message-ID: <199E78E89C08C04994EF6574D26182F3C570E6@nawespscez03>
Content-Type: text/plain; charset="us-ascii"
Bob,
Your guess about Windows Sharing is correct.
I too was flagged for the following network vulnerabilities last August:
HIGH VULN: SAMBA MULTIPLE BUFFER OVERFLOW VULNERABILITIES - MAY 2007 HIGH VULN: FOUND VALUE: UNIX SAMBA 3.0.10 NULL SESSION MEDIUM VULN: MIN PASSWORD LENGTH MEDIUM VULN: MAX PASSWORD AGE MEDIUM VULN: ACCOUNT LOCKOUT THRESHOLD
A 29 May 2007 MacWorld article
<http://www.macworld.com/news/2007/05/29/samba/index.php
<http://www.macworld.com/news/2007/05/29/samba/index.php> > suggests that all of these vulnerabilities are related solely to Windows file sharing via Samba. As soon as I disabled that on my MacBook Pro (in the Sharing pane of System Preferences), my MacBook Pro passed the security scan just fine.
Regards,
Earl Williams
On Nov 16, 2007, at 12:04 PM, email@hidden wrote:
Date: Fri, 16 Nov 2007 10:17:29 -0600
From: "Blankenship, Bob J Mr CTR USA IMCOM"
<email@hidden>
Subject: [Fed-Talk] Macs getting Flagged (UNCLASSIFIED)
To: "Apple Fed Talk" <email@hidden>
Message-ID:
<email@hidden.m
il>
Content-Type: text/plain; charset="us-ascii"
Classification: UNCLASSIFIED
Caveats: NONE
The Macs in our building are getting flagged on a network scan report.
The areas we are getting flagged are password length does not meet minimum requirements of 8 characters and password age cannot be over 90 days. We can change our passwords and that may fix the 90-day problem but my password is 11 characters long so it already meets the minimum length requirement. Not sure why I am getting flagged on this one unless it because of the shared folders I have set up. Is there somewhere on a control panel to set the minimum password length?
The other area is "account lockout threshold" and the duration of how many minutes before the account becomes unlocked and how many times a user can attempt to log in before they are locked out. Anyone have suggestions on how do we change this?
The last item is Multi heap buffer overflows. They say to fix this problem by upgrading to Samba 3.0.25 or later. Anyone know if Leopard has this version of Samba or later? Might be a way for me to get some OS upgrades.
We have Personal File Sharing, Windows Sharing, and Printer Sharing turned on. I think the Windows Sharing uses Samba but not sure.
I wouldn't be surprised if somehow all this is not directly related Samba and Windows Sharing.
Any suggestions will be appreciated.
Thanks
Bob Blankenship
Classification: UNCLASSIFIED
Caveats: NONE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.apple.com/mailman/private/fed-talk/attachments/20071117/e44d9ef3/attachment-0001.html
------------------------------
Message: 2
Date: Sat, 17 Nov 2007 17:42:47 -0600
From: Joel Esler <email@hidden>
Subject: Re: [Fed-Talk] Macs getting Flagged (UNCLASSIFIED)
To: "Williams, Earl M CIV SPAWAR, SSC-SD 246210"
<email@hidden>
Cc: Apple Fed Talk <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
Obviously the scan results are flawed. 3.0.25b is the current version.
Www.apple.com/opensource
If you can disprove part of a scan result, how can you trust the scan at all?
--
Joel Esler
Sent from the road.
On Nov 17, 2007, at 5:00 PM, "Williams, Earl M CIV SPAWAR, SSC-SD 246210" <email@hidden> wrote:
> Bob,
>
> Your guess about Windows Sharing is correct.
>
> I too was flagged for the following network vulnerabilities last
> August:
> HIGH VULN: SAMBA MULTIPLE BUFFER OVERFLOW VULNERABILITIES - MAY 2007
> HIGH VULN: FOUND VALUE: UNIX SAMBA 3.0.10 NULL SESSION MEDIUM VULN:
> MIN PASSWORD LENGTH MEDIUM VULN: MAX PASSWORD AGE MEDIUM VULN: ACCOUNT
> LOCKOUT THRESHOLD
>
> A 29 May 2007 MacWorld article
> <http://www.macworld.com/news/2007/05/29/samba/index.php
> > suggests that all of these vulnerabilities are related solely to
> Windows file sharing via Samba. As soon as I disabled that on my
> MacBook Pro (in the Sharing pane of System Preferences), my MacBook
> Pro passed the security scan just fine.
>
> Regards,
> Earl Williams
>
>
> On Nov 16, 2007, at 12:04 PM, email@hidden wrote:
> Date: Fri, 16 Nov 2007 10:17:29 -0600
> From: "Blankenship, Bob J Mr CTR USA IMCOM"
> <email@hidden>
> Subject: [Fed-Talk] Macs getting Flagged (UNCLASSIFIED)
> To: "Apple Fed Talk" <email@hidden>
> Message-ID:
>
> <email@hidden
> .mil
> >
>
> Content-Type: text/plain; charset="us-ascii"
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> The Macs in our building are getting flagged on a network scan report.
> The areas we are getting flagged are password length does not meet
> minimum requirements of 8 characters and password age cannot be over
> 90 days. We can change our passwords and that may fix the 90-day
> problem but my password is 11 characters long so it already meets the
> minimum length requirement. Not sure why I am getting flagged on this
> one unless it because of the shared folders I have set up. Is there
> somewhere on a control panel to set the minimum password length?
>
> The other area is "account lockout threshold" and the duration of how
> many minutes before the account becomes unlocked and how many times a
> user can attempt to log in before they are locked out. Anyone have
> suggestions on how do we change this?
>
> The last item is Multi heap buffer overflows. They say to fix this
> problem by upgrading to Samba 3.0.25 or later. Anyone know if Leopard
> has this version of Samba or later? Might be a way for me to get some
> OS upgrades.
>
> We have Personal File Sharing, Windows Sharing, and Printer Sharing
> turned on. I think the Windows Sharing uses Samba but not sure.
>
> I wouldn't be surprised if somehow all this is not directly related
> Samba and Windows Sharing.
>
> Any suggestions will be appreciated.
>
>
>
> Thanks
>
>
> Bob Blankenship
> Classification: UNCLASSIFIED
> Caveats: NONE
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.apple.com/mailman/private/fed-talk/attachments/20071117/be240db6/attachment-0001.html
------------------------------
Message: 3
Date: Sat, 17 Nov 2007 17:48:38 -0600
From: Joel Esler <email@hidden>
Subject: Re: [Fed-Talk] Macs getting Flagged (UNCLASSIFIED)
To: "Moore, Michael A." <email@hidden>
Cc: "Blankenship, Bob J Mr CTR USA IMCOM"
<email@hidden>, Apple Fed Talk
<email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Samba = smb for non-windows. The advantage of osx is that you can turn smb off and on when needed.
--
Joel Esler
Sent from the road.
On Nov 16, 2007, at 11:45 AM, "Moore, Michael A." <email@hidden>
wrote:
> If this relates to Windows (SMB/CIFS) shares being flagged, then check
> out the Samba Project documentation on how to institute various
> password policies specifically for Samba. The Samba passwords are
> stored separately from the Mac OS X password store. (At least this is
> the way it was in Tiger, have not fully researched Leopard yet.)
>
> -m
>
> -----Original Message-----
> From: fed-talk-bounces+mamoore=email@hidden
> [mailto:fed-talk-bounces+mamoore=email@hidden] On Behalf
> Of James Alcasid
> Sent: Friday, November 16, 2007 12:30 PM
> To: Blankenship, Bob J Mr CTR USA IMCOM; Apple Fed Talk
> Subject: Re: [Fed-Talk] Macs getting Flagged (UNCLASSIFIED)
>
> By default their are no global policy defaults for passwords on MacOSX
> Client and Server.
>
> For what you are trying to accomplish check the man pages on pwpolicy.
>
> What you are trying to accomplish might look something like this as an
> example:
>
> sudo pwpolicy - a the_dmin_username -setglobalpolicy "minChars=8
> maxMinutesUntilChangePassword=129600"
>
> I believe DoD specifies a min of 9 characters with two upper AND lower
> case alphas, two numerals and two special characters expiring every
> sixty days.
> It would be best to consult with your local ISO in regards to this.
>
> Leopard ships with version 3.0.25b of Samba.
>
> I would advise against using any kind of peer to peer file sharing if
> you have a server to exchange files to and from.
>
> --
>
> James Alcasid | VTI
> Department of Veterans Affairs
> email@hidden
>
>
>
>> From: "Blankenship, Bob J Mr CTR USA IMCOM"
> <email@hidden>
>> Date: Fri, 16 Nov 2007 10:17:29 -0600
>> To: Apple Fed Talk <email@hidden>
>> Conversation: Macs getting Flagged (UNCLASSIFIED)
>> Subject: [Fed-Talk] Macs getting Flagged (UNCLASSIFIED)
>>
>> Classification: UNCLASSIFIED
>> Caveats: NONE
>>
>> The Macs in our building are getting flagged on a network scan
> report.
>> The areas we are getting flagged are password length does not meet
>> minimum requirements of 8 characters and password age cannot be over
> 90
>> days. We can change our passwords and that may fix the 90-day problem
>> but my password is 11 characters long so it already meets the minimum
>> length requirement. Not sure why I am getting flagged on this one
> unless
>> it because of the shared folders I have set up. Is there somewhere on
> a
>> control panel to set the minimum password length?
>>
>> The other area is "account lockout threshold" and the duration of how
>> many minutes before the account becomes unlocked and how many times a
>> user can attempt to log in before they are locked out. Anyone have
>> suggestions on how do we change this?
>>
>> The last item is Multi heap buffer overflows. They say to fix this
>> problem by upgrading to Samba 3.0.25 or later. Anyone know if Leopard
>> has this version of Samba or later? Might be a way for me to get some
> OS
>> upgrades.
>>
>> We have Personal File Sharing, Windows Sharing, and Printer Sharing
>> turned on. I think the Windows Sharing uses Samba but not sure.
>>
>> I wouldn't be surprised if somehow all this is not directly related
>> Samba and Windows Sharing.
>>
>> Any suggestions will be appreciated.
>>
>>
>>
>> Thanks
>>
>>
>> Bob Blankenship
>> Classification: UNCLASSIFIED
>> Caveats: NONE
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>>
>> This email sent to email@hidden
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
------------------------------
Message: 4
Date: Sat, 17 Nov 2007 21:23:44 -0500
From: "Shawn A. Geddis" <email@hidden>
Subject: [Fed-Talk] SMB --> Samba & smbfs
To: Fed Talk <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset=UTF-8; format=flowed; delsp=yes
On Nov 17, 2007, at 6:48 PM, Joel Esler wrote:
> Samba = smb for non-windows. The advantage of osx is that you can
> turn smb off and on when needed.
Be careful here when referring to Samba and SMB on Mac OS X. There are
two parts to the equation....
1) "Samba" is the "server" to "provide SMB/CIFS services to clients"
- Process running on the machine is "smbd"
- This provides Windows File Sharing Services on Mac OS X Client and
Server
Located: /usr/sbin/smbd
Process: smbd
Man Page: man smbd
Version: Version 3.0.25b-apple ($ smbd -V)
2) "smbfs" is the "client" to "mount a shared resource from an SMB
file Server"
Located: /System/Library/Filesystems/smbfs.fs
Process: mount_smbfs
Man Page: man mount_smbfs
- Shawn
_____________________________________________________
Shawn Geddis  Security Consulting Engineer  Apple Enterprise
------------------------------
Message: 5
Date: Sun, 18 Nov 2007 11:21:24 -0500
From: "Villano, Paul Ch CIV USA TRADOC" <email@hidden>
Subject: [Fed-Talk] Image optimization glitch with Iweb
To: email@hidden
Message-ID: <email@hidden>
Content-Type: text/plain; charset=us-ascii
Has anyone run across a fix for the image optimization glitch in Iweb (latest version)? It insists on converting images (such as a 30 kb .gif file) into much larger (84 kb) .png files rather than vice-versa. The result is that when you publish to a folder you must convert all images and links yourself. I can't find anywhere in the preferences to fix this and when I replace he larger files with the smaller files it still does the same bloating every time it publishes.
Thanks.
------------------------------
_______________________________________________
Fed-talk mailing list
email@hidden
http://lists.apple.com/mailman/listinfo/fed-talk
End of Fed-talk Digest, Vol 4, Issue 284
****************************************
Classification: UNCLASSIFIED
Caveats: None
>From Concept to Combat
Celebrating 50 Years of Excellence in Missile Defense and Space
SMDC/ARSTRAT - 1957-2007
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden