version 1.10, 2013/05/26 14:37:31
|
version 1.11, 2015/02/04 03:06:35
|
Line 34 The right-hand side is a Kerberos realm,
|
Line 34 The right-hand side is a Kerberos realm,
|
OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS. |
OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS. |
To use Kerberized TNF services, log in with your Kerberos [[password]]: |
To use Kerberized TNF services, log in with your Kerberos [[password]]: |
|
|
$ kinit <username>@NETBSD.ORG |
7. Launch the `Ticket Viewer.app` from `/System/Library/CoreServices` |
|
|
The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! |
7. Press the "Add Identity" button |
|
|
### A Keychain.app trick |
7. In the identity field enter your `<username>@NETBSD.ORG` |
|
|
To pop up a GUI password dialog: |
The right-hand side is a Kerberos realm, not a DNS domain. *Case is significant!* |
|
|
$ kinit <username>@NETBSD.ORG </dev/null |
7. Enter the password associated with this identity in the password field |
|
|
Check "Remember this password in my keychain" to make future Kerberos |
By default Ticket Viewer.app will save password details in keychain, un-tick "Remember password in my keychain" if this is not desired behaviour |
logins (sans input redirection) prompt-free. |
|
|
|
### Storing the Kerberos Password in Your Keychain |
7. Press continue |
|
|
Let us say you have an account "bob" on the realm "NETBSD.ORG" with password "mypasswd". Then in a Terminal type on one single line |
If successful, you'll be returned to the main window with a new entry below the icons containing `<username>@NETBSD.ORG` and the date and time which the ticket obtained is due to expired. |
|
|
security add-generic-password -a "bob" -l "NETBSD.ORG (bob)" -s "NETBSD.ORG" -w "mypasswd" -c "aapl" -T "/usr/bin/kinit" |
|
|
|
This will create an item in your default Keychain named "NETBSD.ORG (bob)" with your Kerberos credentials and kinit it will be authorized to access it. You can add as many -T "/fulpath/program" switches as you want, each will give access to the specific program to use your kerberos credentials. For example -T "/Applications/Mail.app/Contents/MacOS/Mail" will add access for Mail.app. |
|
|
|
More details with man security. |
|
|
|
After that kinit bob@NETBSD.ORG will not prompt you for a password but will get it from the keychain. |
|
|
|
(This tip is orignally from [superuser.com](http://superuser.com/questions/360262/integrate-kerberos-and-keychain)) |
|
|
|
## Windows XP |
## Windows XP |
|
|
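Review bot: The replacement text drops the command-line route (`kinit <username>@NETBSD.ORG`) entirely in favour of the Ticket Viewer.app steps, so as far as this hunk shows, a reader working in a terminal no longer has a documented way to obtain a ticket. Consider keeping the one-line `kinit` instruction alongside the GUI steps. Removing the `security add-generic-password ... -w "mypasswd"` recipe is worth keeping as is, since that command places the Kerberos password on the command line. In the new keychain remark after the password step, the run-on would read better as two sentences, for example: "By default Ticket Viewer.app saves the password in your keychain. Un-tick "Remember password in my keychain" if you do not want this." Two smaller points: in the final new paragraph "is due to expired" should be "is due to expire", and every new step is numbered "7.", which is worth checking against the numbering of the steps that precede this hunk.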