For the past few years I’ve suffered this seemingly random problem when connecting to a Solaris or Mac OS X server via SSH: the connection would take forever to negotiate. It would connect, exchange keys, but then pause for up to a minute, plus or minus eternity, before proceeding with authentication. I finally took some time to figure out how to make it go away. Here’s what I did.

The problem seems to be related to forward and/or reverse DNS lookups. A large number of IP addresses given out on the networks that I connect from do not have proper name entries in the network owner’s DNS. By default, both Solaris and Mac OS X Server try to lookup DNS names before proceeding with authentication. Luckily, that behavior is easy to turn off.

On Solaris

Sun’s /etc/ssh/sshd_config file can have these options for disabling the time-wasting DNS lookup behavior:


LookupClientHostnames no
VerifyReverseMapping no


On Mac OS X Server

Apple deploys OpenSSH, and it’s /etc/sshd_config file can include this option:

UseDNS no


Update your sshd_config files with these options, or ask your sysadmin to do it for you, and you’ll be connecting instantly.

I recently installed and configured GNU Mailman on Solaris 10 and found the documentation a little lacking, so here are a few tips that you may find useful.

(more…)

Adding Leopard’s LDAP Container Objects to the UNIX LDAP Server

In the first article in this series, I described how to get the schema data out of Leopard and into a Sun ONE Directory Server. In this article, I’ll describe how to get the container objects out of Leopard’s LDAP server, and add them to the UNIX directory. These container objects will hopefully hold data relevant for assigning access to Apple’s Blog & Wiki server, among other things.

I say “hopefully” because I’m writing as I go, and I don’t know how it will turn out. However, given that others have had success at employing this method to get NFS automounting home directories working from Solaris LDAP, there is good reason to believe that it will work for other OSX services as well.

(more…)

This article will add to Rajeev Karamchedu’s excellent post, “Integrating Mac OS X into Unix LDAP Environment with NFS Home Directories”, only with Leopard Server instead of Tiger. My goals are a bit different from Rajeev’s: I am not interested in automounting home directories with NFS, but rather in augmenting UNIX accounts from Sun’s LDAP directory so that they can be used with Apple’s collaboration services. This information is also relevant for those who are looking for auto-mounting home directories, however.

Rajeev used Tiger server, which has a different apple.schema file from Leopard. It looks like he upgraded his Tiger server to Leopard instead of starting with a clean install of Leopard, so he may not have encountered the same obstacles as those of us who are starting from a non-upgraded Leopard server. The procedure is basically the same, but we need a new schema file (Leopard’s LDAP schema has an additional 400+ lines!), and we’ll need to add some missing attributes to it. Conveniently, I am also integrating with Sun ONE Directory Server 5.2. However, this methodology should apply equally to any LDAPv3 compliant directory server, such as OpenLDAP.

(more…)