k2clientconfig (Mac)

Overview

The k2clientconfig script is an OS X command line utility that lets you customize the packaged OS X client installer (K2Client.mpkg or K2Mobile.mpkg) with a pre-configured KeyServer DNS name (or IP address). You can also customize other client settings and the installer behavior itself to suit your particular deployment strategy.

The packaged installers for Mac OS X are in found in the folder /Miscellaneous/Mac OS X Extras/, which is part of every complete image archive for K2 version 6.0. Here you will find disk image files, K2Client.dmg and K2Mobile.dmg, that contain pre-configured installers for desktop (K2Client.mpkg) and mobile (K2Mobile.mpkg) computers. Note: the only difference between these two installers is their default configuration - K2Client.mpkg does not install KeyCheckout, K2Mobile.mpkg does. Copy either one of these from the mounted dmg onto a writable volume and k2clientconfig can change one into the other as well as the more interesting customizations explained below.

In order to customize a copy of K2Client.mpkg, use the Mac OS X Terminal program. First, copy the K2Client.mpkg from the .dmg onto a writeable drive. Then cd to the package directory - from the command prompt in the terminal window type "cd " and then drag the K2Client.mpkg (which is itself actually a directory) into the terminal window. Now with K2Client.mpkg as the current directory type:

./Contents/Resources/k2clientconfig

The command line options for k2clientconfig will be displayed. The table below gives a more complete explanation with defaults underlined and some additional comments. Running k2clientconfig with a particular set of command line options changes ONLY those options specified on the command line, leaving all other options set to their current values. Therefore, it not necessary to specify every command line option - only those which you would like to change.

k2clientconfig

Usage: K2Client.mpkg/Contents/Resources/k2clientconfig [options]

do not remove k2clientconfig from the mpkg

Command Line Options:

-d: display current settings (other options are ignored)
-h <host>: set IP address or DNS name of KeyServer to <host> (default DNS name: keyserver)
-s {0|1|2|3}¹: interface level displayed when the mpkg installer is run
     0: user can change settings
     1: user can see settings but cannot change them
     2: user cannot see any settings besides standard mpkg interface
        use this option if you are distributing the mpkg with Remote Desktop
        to prevent anything from appearing on the client computer
     3: same as 2
-g {yes|no}: override current ka address with address specified by mpkg
yes: address specified by mpkg will be used
no: current ka address will be used if present
-c {yes|no}: allow installation of KeyCheckout
yes: KeyCheckout will be installed unless user chooses not to (default for K2Mobile.mpkg)
no: user cannot install KeyCheckout (default for K2Client.mpkg)
-t {yes|no}: allow installation of KeyVerify
yes: KeyVerify will be installed unless user chooses not to
no: user cannot install KeyVerify
-a {yes|no}: allow installation of KeyAccess Classic (requires OS 9)
yes: KeyAccess Classic will be installed unless user chooses not to
no: user cannot install KeyAccess Classic
-k {yes|no}: kill KeyAccess before install
yes: KeyAccess will be killed (quit) before the install begins
no: KeyAccess will not be killed (quit) before the install begins
-r {yes|no}²: run KeyAccess after install
yes: KeyAccess will be started after install completes
no: KeyAccess will not be started after install completes
-b {yes|no}: reboot after install
yes: prompt for a reboot after install
no: do not prompt for a reboot after install
-o {yes|no}³: delete receipts for KeyAccess pkgs after install
yes: delete receipts for KeyAccess pkgs after install
no: do not delete receipts for KeyAccess pkgs after install
-l {yes|no}: lock KeyAccess settings
yes: after install, KeyAccess settings will be locked to users
no: after install, KeyAccess settings will not be locked to users
-z {user|comp}: source of value used as login name
user: KeyAccess will use user name as login name
comp: KeyAccess will use computer name as login name

1 Note that by default, the installer will prompt for the KeyServer address during installation. If you are using Apple Remote Desktop for distribution of the mpkg, this dialog will appear on the computer where the software is being installed - not on the computer where Remote Desktop is running. Therefore, you will probably want to configure the KeyServer address, and set the installer to silent mode. To do so, you would do something like:

./Contents/Resources/k2clientconfig -h 192.168.0.16 -s 2 -g yes (where K2Client.mpkg is the current directory)

2 "-r yes" will start KeyAccess after installation. In order to do so, it must kill any currently running KeyAccess. If you do not use keyed software, this has no unexpected consequences - if the client has a connection to KeyServer, it will close the connection, and the newly installed KeyAccess will open a new connection. However, if a keyed program is running when this happens, the new session will not ask for the key again. Therefore, KeyAccess will ask the user to quit the keyed program about 15 minutes after the installation. For this reason, you should only use "-r yes" if your clients do yet have KeyAccess software installed, or if you do not use any keyed programs. If you use "-r yes", you may want to also use "-b no", since a restart is no longer necessary. e.g.:

./Contents/Resources/k2clientconfig -r yes -b no (where K2Client.mpkg is the current directory)

3. For one more example, suppose you want users who run the mpkg installer not to be able to choose the server address. After installation, you don't want them to be able to see the KeyAccess Preference Panel, and don't want them to be able to make changes (such as changing the KeyServer address). In this case, with K2Client.mpkg as the current directory type something like:

./Contents/Resources/k2clientconfig -h 192.168.0.16 -s 2 -g yes -p no -l yes (where K2Client.mpkg is the current directory)

Technical Details

The behaviour of a packaged OS X client installer is determined by which sub-packages (pkg) are included in the meta-package (mpkg) and on the configuration of its various plist files. K2clientConfig provides a simple command line interface to manipulate the plist settings in both the meta-package and its sub-packages, but the plists could also be edited by hand. Most of the common command line options correspond to settings in the file:

Contents/KeyAccess.pkg/Contents/Resources/k2clientconfig.plist

The K2clientConfig utility customizes the XML keys values in the plist file as follows:
-h <host>: KSAddress key is set to <host>
-s {0|1|2|3}: for 0:     AddressPromptUser key is set to 1 and AddressDisableChange key is set to 0
for 1:     AddressPromptUser key is set to 1 and AddressDisableChange key is set to 1
for 2:     AddressPromptUser key is set to 0 and AddressDisableChange key is set to 1
for 3:     AddressPromptUser key is set to 0 and AddressDisableChange key is set to 1
-g {yes|no}: AddressDefaultCurrent key is set to 1 or 0
-l {yes|no}: KASettingsLocked key is set to 1 or 0
-z {user|comp}: UseComputerName key is set to 0 or 1

Entire sections from the Contents/Info.plist file are added or removed when the installer is configured to include or exclude various sub-packages. You can determine what these other options do by reading the k2clientconfig script.

Note: the OS X installer has a step at the end of installation where it says “Optimizing”. This is really a call to "update_prebinding" and the mpkg has no direct control over this step - it always happens and may take about 30 seconds to complete. The "-o yes" option removes the KeyAccess pkg receipts from /Library/Receipts which then forces the update_prebinding step to have no effect. For more information on prebinding, search for "Software Distribution: PackageMaker and Installer features" on the Apple developer web site.

Help Index

2005.08.22