version 1.7, 2011/08/06 00:09:47
|
version 1.8, 2013/02/16 11:50:13
|
Line 1
|
Line 1
|
[[!tag kerberos howto]] |
[[!tag kerberos howto]] |
|
|
#### Why enable Kerberos on your system? |
## Why enable Kerberos on your system? |
|
|
Convenience and security. With |
Convenience and security. With |
[Kerberos](http://web.mit.edu/Kerberos/dialogue.html), a single |
[Kerberos](http://web.mit.edu/Kerberos/dialogue.html), a single |
login grants access to all NetBSD web services. Configuration is easy |
login grants access to all NetBSD web services. Configuration is easy |
and you only have to do it once (sometimes less). |
and you only have to do it once (sometimes less). |
|
|
#### [[!toggle id="macosx" text="Mac OS X"]] |
|
[[!toggleable id="macosx" text=""" |
|
OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS. |
|
To use Kerberized TNF services, log in with your Kerberos [[password]]: |
|
|
|
`$ kinit <username>@NETBSD.ORG` |
|
|
|
The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! |
|
|
|
##### A Keychain.app trick |
|
|
|
To pop up a GUI password dialog: |
|
|
|
`$ kinit <username>@NETBSD.ORG </dev/null` |
|
|
|
Check "Remember this password in my keychain" to make future Kerberos |
## NetBSD |
logins (sans input redirection) prompt-free. |
|
"""]] |
|
|
|
#### [[!toggle id="netbsd" text="NetBSD"]] |
|
[[!toggleable id="netbsd" text=""" |
|
NetBSD needs to be configured to prevent Kerberos from being used |
NetBSD needs to be configured to prevent Kerberos from being used |
to log into _your_ system, and then to enable Kerberos. |
to log into _your_ system, and then to enable Kerberos. |
|
|
Line 45 in DNS. To use Kerberized TNF services,
|
Line 27 in DNS. To use Kerberized TNF services,
|
`$ kinit <username>@NETBSD.ORG` |
`$ kinit <username>@NETBSD.ORG` |
|
|
The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! |
The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! |
"""]] |
|
|
|
#### [[!toggle id="windows" text="Windows XP"]] |
|
[[!toggleable id="windows" text=""" |
## MacOSX |
|
|
|
OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS. |
|
To use Kerberized TNF services, log in with your Kerberos [[password]]: |
|
|
|
`$ kinit <username>@NETBSD.ORG` |
|
|
|
The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! |
|
|
|
### A Keychain.app trick |
|
|
|
To pop up a GUI password dialog: |
|
|
|
`$ kinit <username>@NETBSD.ORG </dev/null` |
|
|
|
Check "Remember this password in my keychain" to make future Kerberos |
|
logins (sans input redirection) prompt-free. |
|
|
|
|
|
## Windows XP |
|
|
Windows does not provide an easy way to configure and use KDCs different from the one embedded into an Active Directory. |
Windows does not provide an easy way to configure and use KDCs different from the one embedded into an Active Directory. |
|
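Review bot: The new heading `## MacOSX` in this hunk does not match the platform name used around it: the body text directly below says "OS X", and the toggle label it replaces read "Mac OS X". Suggest `## Mac OS X` so the heading, the body text and any existing links to the section agree. The `### A Keychain.app trick` subheading nests correctly under it and needs no change.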
|
Line 66 Therefore, to use [[Kerberos]], you shou
|
Line 66 Therefore, to use [[Kerberos]], you shou
|
Realm: NETBSD.ORG |
Realm: NETBSD.ORG |
|
|
7. Click `Ok`. After a few seconds, it should obtain the TGT for you from NetBSD.ORG KDC. |
7. Click `Ok`. After a few seconds, it should obtain the TGT for you from NetBSD.ORG KDC. |
|
|
"""]] |
|
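Review bot: Step 7 in this hunk still says the TGT comes from the "NetBSD.ORG KDC", while the `Realm: NETBSD.ORG` line just above it uses the all-caps form and the page states elsewhere that realm case is significant. Since this revision already touches the section to drop the closing `"""]]`, suggest writing `NETBSD.ORG` in step 7 as well, so a reader does not copy the mixed-case spelling into the realm field.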