You can remove apps that you downloaded and installed from the internet or from a disc.On your Mac, click the Finder icon in the Dock, then click Applications in the.Do one of the following:.If an app is in a folder, open the app’s folder to check for an Uninstaller. ![Mac](/uploads/1/2/6/5/126561687/269480316.png)
![Mac](/uploads/1/2/6/5/126561687/269480316.png)
MacOS Server brings even more power to your business, home office, or school. Designed to work with macOS and iOS, macOS Server makes it easy to configure Mac and iOS devices. It’s also remarkably simple to install, set up, and manage. Add macOS Server to your Mac from the Mac. This Mac mini could be your new server. One of the primary uses of my Mac mini is as a portal into my home network. When I’m away from the house, or on a business trip.
With Mac OS X Server you can configure network accounts that have user home directories hosted on the server. See the earlier post on Home Network Management Strategies as to why this is useful, and refer to Mac OS X Server User Management for specific configuration details. You have a choice of protocols you may use to share these home directories on the network, and the protocol selection has a number of consequences that may not be clear from the documentation.
Share Point Protocols
The default protocol recommendation for sharing out network home directories from Apple is AFP and it is touted as being more secure than NFS. According to the Mac OS X Server User Management documentation:
“The preferred protocol is AFP because it provides authentication-level access security. A user must log in with a valid name and password to access files. NFS file access is based not on user authentication, but on the user ID and the client IP address, so it is generally less secure than AFP. Use NFS only if you need to provide home folders for a large number of users who use UNIX workstations.”
While that is good advice in the general case, it’s not completely accurate if you have Kerberized your server and set the share point to require Kerberos authentication.
Both AFP and NFS protocols support secure authentication, and I would suggest that AFP is actually less secure because you cannot enforce data integrity and privacy (encryption) like you can out of the box with NFS.
When I first configured my server I started with AFP until I discovered that network home directories shared with AFP do not support concurrent logins with fast user switching because the first user to login owns the mount and it can’t be replaced by another login. With NFS, the the system owns the local mount point and so it doesn’t need to be replaced each login.
Kerberos Authentication
NFS with Kerberos worked well until I stumbled across what appears to be a bug in Snow Leopard. When you login, the system uses your password to authenticate with the Kerberos server and obtain a ticket that authorizes you on the network. Well, I don’t log in and out frequently except when prompted by returning from the screen saver. What I noticed was that after unlocking my workstation I was unable to sync my home folder from my mobile account and was informed that the NFS share was unavailable. After firing up Terminal and attempting to change to the mount point under /Network/Servers/myserver/Users I received “permission denied”.
As it turns out, Kerberos was doing its job. My Kerberos ticket had expired and because I didn’t go through the full login process my ticket wasn’t renewed. You can type klist from Terminal to see whether you have any valid tickets, or you can use the Ticket Viewer available from Keychain Access. You can also use the Ticket Viewer to obtain a new ticket, after which your NFS share should be accessible again.
Renew Tickets Automatically after Screen Saver
Manually renewing tickets is not really something you want to have to do, especially on a home network. This Apple Technical Support article describes a workaround to obtain a ticket granting ticket when logging in from the screen saver.
- From the Go menu choose Go to Folder
- Type /etc
- Click Go
- Open the file named 'authorization' in a text editor
- Find the following text in the 'system.login.screensaver” entry:
<string>The owner or any administrator can unlock the screensaver.</string>
Change it to this:<string>(Use SecurityAgent.) The owner or any administrator can unlock the screensaver.</string> - Save the file
Renew Tickets Before Expiry
Mac Os Server For Mojave
If you stay logged in for a while, you may still run into an issue where your ticket expires. This renewal is supposed to be handled for you automatically by a launch agent. To see how yours is doing, type the following at a terminal:
launchctl list com.apple.Kerberos.renew.plist
You should see a list similar to this.
![Home Home](/uploads/1/2/6/5/126561687/539520883.png)
launchctl list com.apple.Kerberos.renew.plist
{
'Label' = 'com.apple.Kerberos.renew.plist';
'LimitLoadToSessionType' = 'Aqua';
'OnDemand' = true;
'LastExitStatus' = 1;
'TimeOut' = 30;
'ProgramArguments' = (
'/usr/bin/kinit';
'-B';
);
};
{
'Label' = 'com.apple.Kerberos.renew.plist';
'LimitLoadToSessionType' = 'Aqua';
'OnDemand' = true;
'LastExitStatus' = 1;
'TimeOut' = 30;
'ProgramArguments' = (
'/usr/bin/kinit';
'-B';
);
};
If the LastExitStatus row doesn’t have a 0 next to it, then your tickets are probably failing to renew. You can work around this by modifying /System/Library/LaunchAgents/com.apple.Kerberos.renew.plist. Change the –B program argument to –R.
Mac Os Server 2019
<key>ProgramArguments</key>
<array>
<string>/usr/bin/kinit</string>
<string>-R</string>
</array>
<array>
<string>/usr/bin/kinit</string>
<string>-R</string>
</array>
![Mac Os Server For Home Mac Os Server For Home](/uploads/1/2/6/5/126561687/187372365.gif)
After making this change, restart the launch agent.
launchctl stop com.apple.Kerberos.renew.plist
launchctl start com.apple.Kerberos.renew.plist
launchctl start com.apple.Kerberos.renew.plist
Now the system should renew your tickets.
launchctl list com.apple.Kerberos.renew.plist
{
'Label' = 'com.apple.Kerberos.renew.plist';
'LimitLoadToSessionType' = 'Aqua';
'OnDemand' = true;
'LastExitStatus' = 0;
'TimeOut' = 30;
'ProgramArguments' = (
'/usr/bin/kinit';
'-R';
);
};
{
'Label' = 'com.apple.Kerberos.renew.plist';
'LimitLoadToSessionType' = 'Aqua';
'OnDemand' = true;
'LastExitStatus' = 0;
'TimeOut' = 30;
'ProgramArguments' = (
'/usr/bin/kinit';
'-R';
);
};
Conclusion
While I am glad to have found solutions, it wasn’t particularly obvious looking at the symptoms what the root cause and workarounds for these issues were. A better experience would have been:
- Documentation that more clearly stated the difference between AFP and NFS protocols as well as the authentication options available with NFS. The full Server Manager guide explains this in a bit more detail, but User Management could cover this at the high-level to make the trade offs more clear.
- Help available directly from the Server Manager dialog for share points explaining the limitations (no fast user switching, no encryption) with AFP.
- Auto-renewal of Kerberos tickets on screen saver login and before expiry without config file hacking. I find it surprising that this doesn’t just work out of the box on Mac OS.