Diff for /wikisrc/kerberos/system.mdwn between versions 1.10 and 1.12

version 1.10, 2013/05/26 14:37:31 version 1.12, 2015/02/04 03:16:53
Line 26  in DNS. To use Kerberized TNF services,  Line 26  in DNS. To use Kerberized TNF services, 
   
     $ kinit <username>@NETBSD.ORG      $ kinit <username>@NETBSD.ORG
   
 The right-hand side is a Kerberos realm, not a DNS domain. Case is significant!  The right-hand side is a Kerberos realm, not a DNS domain. *Case is significant!*
   
   
 ## Mac OS X  ## Mac OS X
Line 34  The right-hand side is a Kerberos realm, Line 34  The right-hand side is a Kerberos realm,
 OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS.  OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS.
 To use Kerberized TNF services, log in with your Kerberos [[password]]:  To use Kerberized TNF services, log in with your Kerberos [[password]]:
   
     $ kinit <username>@NETBSD.ORG  7. Launch the `Ticket Viewer.app` from `/System/Library/CoreServices`
   
 The right-hand side is a Kerberos realm, not a DNS domain. Case is significant!  
   
 ### A Keychain.app trick  
   
 To pop up a GUI password dialog:  
   
     $ kinit <username>@NETBSD.ORG </dev/null  
   
 Check "Remember this password in my keychain" to make future Kerberos  
 logins (sans input redirection) prompt-free.  
   
 ### Storing the Kerberos Password in Your Keychain  7. Press the "Add Identity" button
   
 Let us say you have an account "bob" on the realm "NETBSD.ORG" with password "mypasswd". Then in a Terminal type on one single line  7. In the identity field enter your `<username>@NETBSD.ORG`
   
     security add-generic-password -a "bob" -l "NETBSD.ORG (bob)" -s "NETBSD.ORG" -w "mypasswd" -c "aapl" -T "/usr/bin/kinit"      The right-hand side is a Kerberos realm, not a DNS domain. *Case is significant!*
   
 This will create an item in your default Keychain named "NETBSD.ORG (bob)" with your Kerberos credentials and kinit it will be authorized to access it. You can add as many -T "/fulpath/program" switches as you want, each will give access to the specific program to use your kerberos credentials. For example -T "/Applications/Mail.app/Contents/MacOS/Mail" will add access for Mail.app.  7. Enter the password associated with this identity in the password field
   
 More details with man security.     By default Ticket Viewer.app will save password details in keychain, un-tick "Remember password in my keychain" if this is not desired behaviour
   
 After that kinit bob@NETBSD.ORG will not prompt you for a password but will get it from the keychain.  7. Press continue
   
 (This tip is orignally from [superuser.com](http://superuser.com/questions/360262/integrate-kerberos-and-keychain))  If successful, you'll be returned to the main window with a new entry below the icons containing `<username>@NETBSD.ORG` and the date and time which the ticket obtained is due to expired.
   
 ## Windows XP  ## Windows XP
   

Removed from v.1.10  
changed lines
  Added in v.1.12


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb