--- wikisrc/kerberos/system.mdwn	2013/05/26 14:37:31	1.10
+++ wikisrc/kerberos/system.mdwn	2015/02/04 03:16:53	1.12
@@ -26,7 +26,7 @@ in DNS. To use Kerberized TNF services, 
 
     $ kinit <username>@NETBSD.ORG
 
-The right-hand side is a Kerberos realm, not a DNS domain. Case is significant!
+The right-hand side is a Kerberos realm, not a DNS domain. *Case is significant!*
 
 
 ## Mac OS X
@@ -34,32 +34,21 @@ The right-hand side is a Kerberos realm,
 OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS.
 To use Kerberized TNF services, log in with your Kerberos [[password]]:
 
-    $ kinit <username>@NETBSD.ORG
-
-The right-hand side is a Kerberos realm, not a DNS domain. Case is significant!
-
-### A Keychain.app trick
-
-To pop up a GUI password dialog:
-
-    $ kinit <username>@NETBSD.ORG </dev/null
-
-Check "Remember this password in my keychain" to make future Kerberos
-logins (sans input redirection) prompt-free.
+7. Launch the `Ticket Viewer.app` from `/System/Library/CoreServices`
 
-### Storing the Kerberos Password in Your Keychain
+7. Press the "Add Identity" button
 
-Let us say you have an account "bob" on the realm "NETBSD.ORG" with password "mypasswd". Then in a Terminal type on one single line
+7. In the identity field enter your `<username>@NETBSD.ORG`
 
-    security add-generic-password -a "bob" -l "NETBSD.ORG (bob)" -s "NETBSD.ORG" -w "mypasswd" -c "aapl" -T "/usr/bin/kinit"
+    The right-hand side is a Kerberos realm, not a DNS domain. *Case is significant!*
 
-This will create an item in your default Keychain named "NETBSD.ORG (bob)" with your Kerberos credentials and kinit it will be authorized to access it. You can add as many -T "/fulpath/program" switches as you want, each will give access to the specific program to use your kerberos credentials. For example -T "/Applications/Mail.app/Contents/MacOS/Mail" will add access for Mail.app.
+7. Enter the password associated with this identity in the password field
 
-More details with man security.
+   By default Ticket Viewer.app will save password details in keychain, un-tick "Remember password in my keychain" if this is not desired behaviour
 
-After that kinit bob@NETBSD.ORG will not prompt you for a password but will get it from the keychain.
+7. Press continue
 
-(This tip is orignally from [superuser.com](http://superuser.com/questions/360262/integrate-kerberos-and-keychain))
+If successful, you'll be returned to the main window with a new entry below the icons containing `<username>@NETBSD.ORG` and the date and time which the ticket obtained is due to expired.
 
 ## Windows XP