[Samba] Automating kerberos authentication on Mac OS X?
pubsyssamba at bbc.co.uk
Fri Mar 12 10:59:27 GMT 2004
you may already know this but you need a ticket granting ticket to enable Kerberos authentication to other
services, this is obtained manually by kinit or by some other custom means. So your problem is automating the
getting the ticket granting ticket. Try this link it explains how configure OS X to obtain a TGT at logon,
PS I haven't personally tested this, but had something similar working with OS X 10.2.
From: samba-bounces+pubsyssamba=bbc.co.uk at lists.samba.org
[mailto:samba-bounces+pubsyssamba=bbc.co.uk at lists.samba.org]On Behalf Of
Posted At: 12 March 2004 10:36
Posted To: Samba
Conversation: [Samba] Automating kerberos authentication on Mac OS X?
Subject: [Samba] Automating kerberos authentication on Mac OS X?
Is there any way to "automate" kerberos authentication on Mac OS X?
Here's the problem:
When a user wants to access samba-3.0.2a -server from a Mac, he/she has
"kinit" to get the principal ticket. If this is not done, Mac's tools
(Finder) will try to authenticate
with NTLM, which is and will be disabled on our servers. Of course,
this fails miserably.
I have not devised any means to tell the Mac -clients to use kerberos,
unless the kerberos
ticket is explicitly loaded prior to attempting connections. In such a
case, everything works
fine, but it is kind of impractical to tell the users to issue "kinit"
manually once a day to load
new tickets after them expiring.
How could this be integrated to Mac's own tools? Possible solutions
would be to use the screen saver password locking to forward the
information to kerberos (i.e. run kinit with the password and username
from the screen saver) or to have Mac-programs authenticate with
kerberos by default.
I only haven't found a way to implement this easily. Are there other
To unsubscribe from this list go to the following URL and read the
More information about the samba