Mac SSO defaults question
Henry B. Hotz
hotz at jpl.nasa.gov
Fri Jan 27 20:06:22 EST 2006
FWIW I recently submitted a bug to Apple (cc'ing our salesman) about
the /etc/authorization stuff not being updated for Tiger even after
all this time. Only word is the salesman promising to bring it to
the right people's attention.
Experimentally, what I see is that you can substitute a krb5
mechanism in system.login.console, but not if a couple of unrelated
entries are present (like an xcode one, and an adhoc Airport network
one). "builtin:krb5authnoverify" seems to work now, but login and
user-switch is very slow if the network is missing/slow.
I can't get any k5 mechanism to work in system.login.done as I would
prefer. That would appear to be the right approach for a laptop.
On Jan 27, 2006, at 9:01 AM, krbdev-request at mit.edu wrote:
> Message: 10
> Date: Thu, 26 Jan 2006 17:29:54 -0800
> From: Russ Allbery <rra at stanford.edu>
> Subject: Re: Mac SSO defaults question
> To: krbdev at MIT.EDU
> Message-ID: <87wtgm1mr1.fsf at windlord.stanford.edu>
> Content-Type: text/plain; charset=us-ascii
>
> Sam Hartman <hartmans at MIT.EDU> writes:
>
>> So, I think in a perfect Mac world, you'd pick up a directory
>> attribute
>> that told the system to use Kerberos. However this doesn't quite
>> work
>> the way it should (although the tiger behavior is better than
>> panther).
>
> Oh, hm. Interesting.
>
>> In general though I'd recommend that feature requests/discussions
>> like
>> this go to Apple possibly in addition to copying us. But if Apple
>> doesn't here about the requirements from users, they will not
>> dedicate
>> resources.
>
> Okay, will do. Thanks!
>
> --
> Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/
> ~eagle/>
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list