Mac SSO defaults question

Henry B. Hotz hotz at
Fri Jan 27 20:06:22 EST 2006

FWIW I recently submitted a bug to Apple (cc'ing our salesman) about  
the /etc/authorization stuff not being updated for Tiger even after  
all this time.  Only word is the salesman promising to bring it to  
the right people's attention.

Experimentally, what I see is that you can substitute a krb5
mechanism in system.login.console, but not if a couple of unrelated
entries are present (like an xcode one, and an ad hoc Airport network
one).  "builtin:krb5authnoverify" seems to work now, but login and
user-switch are very slow if the network is missing/slow.

I can't get any k5 mechanism to work in system.login.done as I would  
prefer.  That would appear to be the right approach for a laptop.

On Jan 27, 2006, at 9:01 AM, krbdev-request at wrote:

> Message: 10
> Date: Thu, 26 Jan 2006 17:29:54 -0800
> From: Russ Allbery <rra at>
> Subject: Re: Mac SSO defaults question
> To: krbdev at MIT.EDU
> Message-ID: <87wtgm1mr1.fsf at>
> Content-Type: text/plain; charset=us-ascii
>
> Sam Hartman <hartmans at MIT.EDU> writes:
>> So, I think in a perfect Mac world, you'd pick up a directory attribute
>> that told the system to use Kerberos.  However this doesn't quite work
>> the way it should (although the tiger behavior is better than panther).
> Oh, hm.  Interesting.
>> In general though I'd recommend that feature requests/discussions like
>> this go to Apple possibly in addition to copying us.  But if Apple
>> doesn't hear about the requirements from users, they will not dedicate
>> resources.
> Okay, will do.  Thanks!
> -- 
> Russ Allbery (rra at             < 
> ~eagle/>

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at
