cosign is a Web single sign on system that allows users to authenticate once per session and access any protected Web resources at the institution. If used, passwords are sent only to a single, central URL. Sessions have both idle and hard timeouts, and users can logout of all protected services by visiting a single URL. The use of public key cryptography ensures that a compromise of a protected Web server has no impact on the security of other participating servers.
Fugu SSH is a Mac OS X graphical frontend to OpenSSH's Secure File Transfer application (SFTP). SFTP is similar to FTP, but, unlike FTP, the entire session is encrypted, meaning no passwords are sent in cleartext form, and it is thus much less vulnerable to third-party interception. Fugu allows you to take advantage of SFTP's security without having to sacrifice the ease of use found in a GUI. Fugu also includes support for SCP files transfers, and the ability to create secure tunnels through SSH.
iHook is a graphical frontend for any command-line executable. It gives scripts a pleasant Aqua face, and allows script writers to provide graphical feedback without having to learn one of the higher APIs available for Mac OS X. iHook accomplishes this through its ability to understand a set of directives. When a script writes an iHook Directive to stdout, iHook will modify its own interface based on the content of the Directive. In this way, a simple shell script can have an Aqua interface, complete with a progress bar and drawer. When launched in the Finder, iHook prompts the user to choose a script to run; iHook also accepts file drops on its icon, and will attempt to run the dropped file. When no user is logged in, iHook tries to execute /etc/logout.hook. This makes iHook highly useful as an interface for Mac OS X LogoutHooks.
nefu (network fidelity utility) is a Unix daemon that monitors services over the network. It uses a "no false alarms" fault verification algorithm, and understands network dependancies. Natively-monitored protocols include ICMP echo (ping), SSH, IPP, DNS, HTTP, POP, NTP, IMAP, SMTP, and LDAP, as well as having facilities to execute external programs. Status pages are available via finger or the Web.
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. At its core, radmind operates as a tripwire. It is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change. Each managed machine may have its own loadset composed of multiple, layered overloads. This allows, for example, the operating system to be described separately from applications. Loadsets are stored on a remote server. By updating a loadset on the server, changes can be pushed to managed machines.
radmind Anyone using radmind to manage the filesystems of computing clusters? We use it to manage about a hundred Solaris machines, in addition to around 800 Mac OS X machines. :w