Diff for /wikisrc/kerberos/system.mdwn between versions 1.10 and 1.14

version 1.10, 2013/05/26 14:37:31 version 1.14, 2015/10/29 16:10:38
Line 26  in DNS. To use Kerberized TNF services,  Line 26  in DNS. To use Kerberized TNF services, 
   
     $ kinit <username>@NETBSD.ORG      $ kinit <username>@NETBSD.ORG
   
 The right-hand side is a Kerberos realm, not a DNS domain. Case is significant!  The right-hand side is a Kerberos realm, not a DNS domain. *Case is significant!*
   
   
 ## Mac OS X  ## Mac OS X
Line 34  The right-hand side is a Kerberos realm, Line 34  The right-hand side is a Kerberos realm,
 OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS.  OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS.
 To use Kerberized TNF services, log in with your Kerberos [[password]]:  To use Kerberized TNF services, log in with your Kerberos [[password]]:
   
     $ kinit <username>@NETBSD.ORG  7. Launch `Ticket Viewer.app` from `/System/Library/CoreServices`
   
 The right-hand side is a Kerberos realm, not a DNS domain. Case is significant!  
   
 ### A Keychain.app trick  7. Press the "Add Identity" button
   
 To pop up a GUI password dialog:  7. In the identity field enter your `<username>@NETBSD.ORG`
   
     $ kinit <username>@NETBSD.ORG </dev/null      The right-hand side is a Kerberos realm, not a DNS domain. *Case is significant!*
   
 Check "Remember this password in my keychain" to make future Kerberos  7. Enter the password associated with this identity in the password field
 logins (sans input redirection) prompt-free.  
   
 ### Storing the Kerberos Password in Your Keychain     By default Ticket Viewer.app will save password details in keychain, un-tick "Remember password in my keychain" if this is not desired behaviour
   
 Let us say you have an account "bob" on the realm "NETBSD.ORG" with password "mypasswd". Then in a Terminal type on one single line  7. Press continue
   
     security add-generic-password -a "bob" -l "NETBSD.ORG (bob)" -s "NETBSD.ORG" -w "mypasswd" -c "aapl" -T "/usr/bin/kinit"  If successful, you'll be returned to the main window with a new entry below the icons containing `<username>@NETBSD.ORG` and the date and time which the ticket obtained is due to expire.
   
 This will create an item in your default Keychain named "NETBSD.ORG (bob)" with your Kerberos credentials and kinit it will be authorized to access it. You can add as many -T "/fulpath/program" switches as you want, each will give access to the specific program to use your kerberos credentials. For example -T "/Applications/Mail.app/Contents/MacOS/Mail" will add access for Mail.app.  Alternately, from the command line:
   
 More details with man security.      koolaid:~ 196> kinit <username>@NETBSD.ORG
       <username>@NETBSD.ORG's Password: 
       koolaid:~ 197> 
   
 After that kinit bob@NETBSD.ORG will not prompt you for a password but will get it from the keychain.  The klist command will show current tickets.  Additionally, a kinit created entry will show up in Ticket Viewer.app.
   
 (This tip is orignally from [superuser.com](http://superuser.com/questions/360262/integrate-kerberos-and-keychain))  
   
 ## Windows XP  ## Windows XP
   

Removed from v.1.10  
changed lines
  Added in v.1.14


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb