Kerberos for Macintosh Login Authentication, Help?
smcguire at MIT.EDU
Mon Oct 21 21:35:15 EDT 2002
At 5:54 PM -0700 10/21/02, Henry B. Hotz wrote:
>Also modified /etc/authorization as follows:
>><!-- Do kerberos authentication as a side-effect of loggin in.
>>Local username/password will be used.
>> <string>switch_to_user, krb5auth:login</string>
>Now kinit/klist/kdestoy work fine. The Kerberos GUI also works
>fine. I've restarted the computer and when I log back in klist shows
>no tickets. I have not installed the Kerberos Extras, but I don't
>think I need them. What else do I need to do to get the login
>authenticator to work?
I can help with this part of your questions. The originally
published Apple documentation for the authenticator had a typo in it.
You need to eliminate the space between "switch_to_user" and
"krb5auth:login", that is, the line should read:
You should re-read and check your changes against the current version
of the "Mac OS X 10.2: How to Enable Kerberos Authentication for
Login Window" document, which has had a few problems corrected since
it was first released:
but removing the space should allow getting Kerberos tickets as a
side effect of logging in.
Scott McGuire / smcguire at mit.edu
MIT Information Systems Macintosh Developer
More information about the krbdev