After Xcode is installed we can now compile the OMI package, which can be downloaded here: OMI Source 1.0.7. You can also check for the latest version here:


If you downloaded the OMI Package on your MAC, double click the package to unzip the archive. If you are using Windows, you will need something like 7zip (freely available) to unzip the archive.


I unzipped my archive and saved it to Document/omi-1.0.7, but you can choose your own directory. Before we can compile OMI we need to download compile and install the package pkg-config. Pkg-config is used by the OMI package for configuration so we need to satisfy this dependency. The latest pkg-config source can be downloaded here. I have found that some of the newer versions of the pkg-config package do not compile well on a Mac so I use the pkg-config-0.18.1.tar.gz which should also work for you. After downloading the package I unzipped the archive and saved it to Documents/pkg-config-0.18.1. Now open a terminal window (open a finder window and click Applications -> Utilities -> Terminal) and cd into the pkg-config-0.18.1 directory. Once in the directory issue the ./configure command at the command prompt.


If there are no errors creating the configuration, issue the make command.


Now if there are no errors, issue the sudo make install command. This will prompt you for an admin password because it wants to install the compiled files.


We also need to set the pkg-config path so it can find all the libraries:

  • export PKG_CONFIG_PATH=/usr/lib/pkgconfig

Also before compiling, check that the file /usr/lib/pkgconfig/openssl.pc has the same paths as in the screenshot:




Now the OMI package install is not made for OSX, this is why the PAM modules need to be registered manually if we want to use certificates for secure communication. To create the PAM entry, create a file named “omi” in the /etc/pam.d directory. In the omi file ad the following text entries:



# The configuration of omi is generated by the omi installer.

# sshd: auth account password session

auth optional use_kcminit

auth optional try_first_pass

auth optional try_first_pass

auth required try_first_pass

account required

account required sacl_service=ssh

account required





We are now all set to build the OMI package. CD into the omi-1.0.7 directory and issue the commands:

  • ./configure
  • make
  • sudo make install

Note that after issuing the ./configure command you will receive the error “pam script is not supported on Mac-OS yet“. You can safely ignore this error because already we registered the PAM modules manually.

Just like we did with building the pkg-config package, if OMI installed successfully, the output should look something like this:




So let’s test our OMI installation. If you are not logged in as root, su into root (su root). Then cd into /opt/omi-1.0.7/bin and start the OMI server by typing ./omiserver -d You can find all the server commands by running ./omiserver –help Now we can test the omi server by running ./omicli id the output should be something like in the screenshot:



So woohoo! Our OMI server is running on our Mac and accessible by a client. In part 3 of this blog we will explore how to query the OMI server by using Powershell.