Kerberos questions

James Reynolds james at
Fri Jul 11 16:26:13 EDT 2003

During the recent Mac OS X Labs Webcast on security, these questions 
came up.  I listed my answers below.  Do you mind looking them over 
to make sure they are acurate?



James Reynolds
University of Utah
Student Computing Labs
james at


Q. Is Kerberos supported in Mac OS X client, or Server only?

A. Kerberos is supported in Mac OS X client.

Q. Are there any plans to work with CUPS to incorporate kerberized 
authentication into CUPS (the present solution involves a klpr 
backend talking to a kerberized LPRng print server)?

A. I believe Panther will have this functionality (but not sure).

Q. It sounds like the Apple Password Server is more secure than 
Kerberos, because the password is not passed over the network.  So 
Kerberos is not the best choice?  Please elaborate.

A. That is not correct.  Kerberos does not send the clear text 
password over the network either.  In fact, Apple is embracing 
Keberos in Mac OS X 10.3 by integrating it even more in the client 
and server OS.

More information about the krbdev mailing list