Mojave Security Update 2021-004 broke Kerberos for me

No update yet. Things like this are why Apple failed in the enterprise. A bug that blocks users from logging into their computer and/or accessing critical resources, the most basic of requirements, and they don't even bother to fix it for weeks, maybe months.

THANK YOU!!!!

My work laptop has been a BRICK for the last few weeks. It's just been miserable. I couldn't connect to any of our file shares. I couldn't lock my screen without it freezing. If I hovered over the Enterprise Connect icon, my entire laptop would freeze and I would have to do a reboot. I tried so many different things, and this finally fixed it. My organization already hates supporting us devops weirdos that insist on using a MacBook to do our job, so I was a couple of weeks from trading it in for some $400 Windows laptop that let me do my job again. You're a lifesaver.

Matt W (TechnicalMac) wrote:

I just installed this update on a Mojave iMac bound to OD working fine prior to the Security update. Took the machine offline for a day to fix

Thank you for posting this information. There are posts saying this problem only affected mobile users on AD but I'd been taking that information with a pinch of salt as nobody had confirmed there were no problems with other directory technology. I still use mobile users but migrated from OD to LDAP some time ago. It was purely by chance I spotted this thread at the beginning of the month just before updating.

In my opinion if Apple (or any developer for that matter) decide to stop supporting any functionality they need to tell users in advance so users can decide whether to migrate or to risk delaying/stopping updates. If this setup is no longer supported Apple have not done that. If it is supported then there is a serious bug in the update which for some reason they have neither fixed nor, as far as I can find, documented.

Maybe this is dead tech (Server and OD,) and Apple's too inexperienced in their current workforce to care (or actively doesn't,) but a developer friend of mine commented that it seems Apple just doesn't know how to do proper testing anymore, or doesn't care.

I would lean towards Apple not caring too much about macOS in enterprise or even workgroup environments. As a side effect, that results in a workforce that doesn't know and doesn't care much about these environments.

This isn't the only Kerberos related bug either. In Big Sur DDNS is completely broken.

https://www.jamf.com/jamf-nation/discussions/38422/big-sur-problem-dinamic-registration-in-dns-server

I have a local account, but if I log out of the computer and try to log back in, the login screen gets stuck, and I have to force a restart.

Also, the Screen Sharing app will hang when I try to connect to a remote Mac. Again, I can only fix it if I restart my Mac. However, if the Mac goes to sleep for a few hours and then I try to connect to one of the remote Macs, it will freeze again.

It's more to do with the computer industries obsession with rapid release cycles. Current IT guidance is to be at current release minus one or minus two. Anything beyond N-2 is losing vendor and manufacturer support. In a few months, Monterey will push Mojave to being N-3 and at that point, Apple likely won't release any more updates for it.

It is not just Apple, most all operating system vendors and software application developers have increased the pace of their releases.

Pace increase. Not a fan. It's not for the betterment of usability, compatibility or productivity. Maybe security, but only maybe. Heck, when one can't even log in or use the computer, that's pretty darn secure!

I don't really have a problem with the rapid release cycle. What I do have a problem with is the obsession with the next release while completely ignoring what the last release just broke, especially when it's significant.

11.5 released for Big Sur and 2021-004 for Catalina as well. I don't have many Mojave systems left that are actively online. Most have been upgraded to Catalina. But if I come across one I'll let you know if it fixes the Kerberos issue unless someone else beats me to it.

I just updated a Mojave machine that was affected by the last update and... the Kerberos issue seems to be fixed at first glance. Finally!

I just did a quick test to see if I could connect to a server via SMB and it worked, so I'm assuming the underlying issue is fixed. If not I'll report back.

When I get a chance I'll update a Big Sur machine to 11.5 and see if DDNS registration is working now too.

Great work my friend, take care. :)

Thanks! :)👍

You're welcome.