[Samba] Automating kerberos authentication on Mac OS X?

Arno Hahma arno at jyu.fi
Fri Mar 12 10:35:38 GMT 2004


Is there any way to "automate" kerberos authentication on Mac OS X? 
Here's the problem:

When a user wants to access samba-3.0.2a -server from a Mac, he/she has 
to run
"kinit" to get the principal ticket. If this is not done, Mac's tools 
(Finder) will try to authenticate
with NTLM, which is and will be disabled on our servers. Of course, 
this fails miserably.

I have not devised any means to tell the Mac -clients to use kerberos, 
unless the kerberos
ticket is explicitly loaded prior to attempting connections. In such a 
case, everything works
fine, but it is kind of impractical to tell the users to issue "kinit" 
manually once a day to load
new tickets after them expiring.

How could this be integrated to Mac's own tools? Possible solutions 
would be to use the screen saver password locking to forward the 
information to kerberos (i.e. run kinit with the password and username 
from the screen saver) or to have Mac-programs authenticate with 
kerberos by default.
I only haven't found a way to implement this easily. Are there other 
possibilities?

--
ArNO
     2


More information about the samba mailing list