--- wikisrc/kerberos/system.mdwn 2011/08/01 23:27:43 1.6 +++ wikisrc/kerberos/system.mdwn 2015/02/04 03:18:21 1.13 
@@ -1,33 +1,15 @@ [[!tag kerberos howto]] -#### Why enable Kerberos on your system? +## Why enable Kerberos on your system? Convenience and security. With [Kerberos](http://web.mit.edu/Kerberos/dialogue.html), a single login grants access to all NetBSD web services. Configuration is easy and you only have to do it once (sometimes less). -#### [[!toggle id="macosx" text="Mac OS X"]] -[[!toggleable id="macosx" text=""" -OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS. -To use Kerberized TNF services, log in with your Kerberos [[password]]: - -`$ kinit @NETBSD.ORG` - -The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! - -##### A Keychain trick - -To pop up a GUI password dialog: -`$ kinit @NETBSD.ORG @NETBSD.ORG` + $ kinit @NETBSD.ORG -The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! -"""]] +The right-hand side is a Kerberos realm, not a DNS domain. *Case is significant!* -#### [[!toggle id="windows" text="Windows XP"]] -[[!toggleable id="windows" text=""" -Windows does not provide an easy way to configure and use KDCs different from the one embedded into an Active Directory. +## Mac OS X -Therefore, to use [[Kerberos]], you should follow the following steps: +OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS. +To use Kerberized TNF services, log in with your Kerberos [[password]]: -7. Download the [MIT Kerberos for Windows](http://web.mit.edu/Kerberos/dist/#kfw-3.2) installer. It is composed of different tools traditionally found with Kerberos distributions, like [[!template id=man name=kinit section=1]] or [[!template id=man name=klist section=1]], and a Network Identity Manager, an application used to manage credential caching of Kerberos tickets. +7. Launch `Ticket Viewer.app` from `/System/Library/CoreServices` -7. Install the package. Use the default provided options, then restart the computer. +7. Press the "Add Identity" button -7. 
The Network Identity Manager [(PDF)](http://web.mit.edu/kerberos/kfw-3.2/kfw-3.2.2/netidmgr_userdoc.pdf) should automatically start when you login. As there is no principal currently configured, it should open a dialog box to obtain the new credentials. +7. In the identity field enter your `@NETBSD.ORG` -7. Enter your principal: + The right-hand side is a Kerberos realm, not a DNS domain. *Case is significant!* + +7. Enter the password associated with this identity in the password field - Username: - Realm: NETBSD.ORG + By default Ticket Viewer.app will save password details in keychain, un-tick "Remember password in my keychain" if this is not desired behaviour + +7. Press continue + +If successful, you'll be returned to the main window with a new entry below the icons containing `@NETBSD.ORG` and the date and time which the ticket obtained is due to expire. + +## Windows XP + +Windows does not provide an easy way to configure and use KDCs +different from the one embedded into an Active Directory. + +Therefore, to use [[Kerberos]], you should follow the following +steps: + +7. Download the + [MIT Kerberos for Windows](http://web.mit.edu/Kerberos/dist/#kfw-3.2) + installer. It is composed of different tools traditionally found + with Kerberos distributions, like + [[!template id=man name=kinit section=1]] or + [[!template id=man name=klist section=1]], and a Network Identity + Manager, an application used to manage credential caching of + Kerberos tickets. + +7. Install the package. Use the default provided options, then + restart the computer. + +7. The Network Identity Manager + [(PDF)](http://web.mit.edu/kerberos/kfw-3.2/kfw-3.2.2/netidmgr_userdoc.pdf) + should automatically start when you login. As there is no principal + currently configured, it should open a dialog box to obtain the + new credentials. + +7. Enter your principal: -7. Click `Ok`. After a few seconds, it should obtain the TGT for you from NetBSD.ORG KDC. 
+ Username: + Realm: NETBSD.ORG -"""]] +7. Click `Ok`. After a few seconds, it should obtain the TGT for + you from the NETBSD.ORG KDC.
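Review bot: In the added Mac OS X steps, the keychain default is only mentioned as an aside under the password step ("By default Ticket Viewer.app will save password details in keychain, un-tick ... if this is not desired behaviour"). Storing the Kerberos password is a decision the reader should make explicitly, so make it a numbered step of its own before "Press continue" and split the run-on into two sentences. The identity step also reads "enter your `@NETBSD.ORG`" with no placeholder for the user part of the principal, as does the `kinit` line moved to the top; add one so it is clear that a full principal is expected.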
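Review bot: The re-wrapped Windows XP steps still link the kfw-3.2 installer and the Network Identity Manager PDF over plain `http://`, and the first step tells the reader to download and install the package with default options. Since this revision rewrites every line of the section anyway, consider switching both links to `https://` and adding a sentence on verifying the installer before running it. The `Username:` line under "Enter your principal" is also still empty; a placeholder would show what goes there next to `Realm: NETBSD.ORG`.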