[Samba] Automating kerberos authentication on Mac OS X?

ww m-pubsyssamba pubsyssamba at bbc.co.uk
Fri Mar 12 10:59:27 GMT 2004 

Hi Arno,

	you may already know this but you need a ticket granting ticket to enable Kerberos authentication to other
services, this is obtained manually by kinit or by some other custom means. So your problem is automating the
getting the ticket granting ticket. Try this link it explains how configure OS X to obtain a TGT at logon,

http://www.public.iastate.edu/~macosx/how-to.html

thanks Andy.

PS I haven't personally tested this, but had something similar working with OS X 10.2.

-----Original Message-----
From: samba-bounces+pubsyssamba=bbc.co.uk at lists.samba.org
[mailto:samba-bounces+pubsyssamba=bbc.co.uk at lists.samba.org]On Behalf Of
Arno Hahma
Posted At: 12 March 2004 10:36
Posted To: Samba
Conversation: [Samba] Automating kerberos authentication on Mac OS X?
Subject: [Samba] Automating kerberos authentication on Mac OS X?



Is there any way to "automate" kerberos authentication on Mac OS X? 
Here's the problem:

When a user wants to access samba-3.0.2a -server from a Mac, he/she has 
to run
"kinit" to get the principal ticket. If this is not done, Mac's tools 
(Finder) will try to authenticate
with NTLM, which is and will be disabled on our servers. Of course, 
this fails miserably.

I have not devised any means to tell the Mac -clients to use kerberos, 
unless the kerberos
ticket is explicitly loaded prior to attempting connections. In such a 
case, everything works
fine, but it is kind of impractical to tell the users to issue "kinit" 
manually once a day to load
new tickets after them expiring.

How could this be integrated to Mac's own tools? Possible solutions 
would be to use the screen saver password locking to forward the 
information to kerberos (i.e. run kinit with the password and username 
from the screen saver) or to have Mac-programs authenticate with 
kerberos by default.
I only haven't found a way to implement this easily. Are there other 
possibilities?

--
ArNO
     2
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list