[Samba] Automating kerberos authentication on Mac OS X?
Arno Hahma
arno at jyu.fi
Fri Mar 12 10:35:38 GMT 2004
Is there any way to "automate" kerberos authentication on Mac OS X?
Here's the problem:
When a user wants to access samba-3.0.2a -server from a Mac, he/she has
to run
"kinit" to get the principal ticket. If this is not done, Mac's tools
(Finder) will try to authenticate
with NTLM, which is and will be disabled on our servers. Of course,
this fails miserably.
I have not devised any means to tell the Mac -clients to use kerberos,
unless the kerberos
ticket is explicitly loaded prior to attempting connections. In such a
case, everything works
fine, but it is kind of impractical to tell the users to issue "kinit"
manually once a day to load
new tickets after them expiring.
How could this be integrated to Mac's own tools? Possible solutions
would be to use the screen saver password locking to forward the
information to kerberos (i.e. run kinit with the password and username
from the screen saver) or to have Mac-programs authenticate with
kerberos by default.
I only haven't found a way to implement this easily. Are there other
possibilities?
--
ArNO
2
More information about the samba
mailing list