version 1.8, 2013/02/16 11:50:13
|
version 1.10, 2013/05/26 14:37:31
|
Line 24 NetBSD will now autodiscover and uses th
|
Line 24 NetBSD will now autodiscover and uses th
|
in DNS. To use Kerberized TNF services, log in with your Kerberos |
in DNS. To use Kerberized TNF services, log in with your Kerberos |
[[password]]: |
[[password]]: |
|
|
`$ kinit <username>@NETBSD.ORG` |
$ kinit <username>@NETBSD.ORG |
|
|
The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! |
The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! |
|
|
|
|
## MacOSX |
## Mac OS X |
|
|
OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS. |
OS X autodiscovers and uses the NETBSD.ORG KDC as defined in DNS. |
To use Kerberized TNF services, log in with your Kerberos [[password]]: |
To use Kerberized TNF services, log in with your Kerberos [[password]]: |
|
|
`$ kinit <username>@NETBSD.ORG` |
$ kinit <username>@NETBSD.ORG |
|
|
The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! |
The right-hand side is a Kerberos realm, not a DNS domain. Case is significant! |
|
|
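Review bot: the `kinit` lines in this hunk (NetBSD and Mac OS X sections) lose their backticks, so `$ kinit <username>@NETBSD.ORG` only renders as code if the new line is indented as a Markdown code block, and the indentation is not visible in this view. Without it, `<username>` is parsed as an HTML tag and disappears from the rendered page. Please check the rendered output of both sections, or keep the backticks.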
Line 42 The right-hand side is a Kerberos realm,
|
Line 42 The right-hand side is a Kerberos realm,
|
|
|
To pop up a GUI password dialog: |
To pop up a GUI password dialog: |
|
|
`$ kinit <username>@NETBSD.ORG </dev/null` |
$ kinit <username>@NETBSD.ORG </dev/null |
|
|
Check "Remember this password in my keychain" to make future Kerberos |
Check "Remember this password in my keychain" to make future Kerberos |
logins (sans input redirection) prompt-free. |
logins (sans input redirection) prompt-free. |
|
|
|
### Storing the Kerberos Password in Your Keychain |
|
|
## Windows XP |
Let us say you have an account "bob" on the realm "NETBSD.ORG" with password "mypasswd". Then in a Terminal type on one single line |
|
|
|
security add-generic-password -a "bob" -l "NETBSD.ORG (bob)" -s "NETBSD.ORG" -w "mypasswd" -c "aapl" -T "/usr/bin/kinit" |
|
|
|
This will create an item in your default Keychain named "NETBSD.ORG (bob)" with your Kerberos credentials and kinit it will be authorized to access it. You can add as many -T "/fulpath/program" switches as you want, each will give access to the specific program to use your kerberos credentials. For example -T "/Applications/Mail.app/Contents/MacOS/Mail" will add access for Mail.app. |
|
|
Windows does not provide an easy way to configure and use KDCs different from the one embedded into an Active Directory. |
More details with man security. |
|
|
Therefore, to use [[Kerberos]], you should follow the following steps: |
After that kinit bob@NETBSD.ORG will not prompt you for a password but will get it from the keychain. |
|
|
|
(This tip is orignally from [superuser.com](http://superuser.com/questions/360262/integrate-kerberos-and-keychain)) |
|
|
|
## Windows XP |
|
|
7. Download the [MIT Kerberos for Windows](http://web.mit.edu/Kerberos/dist/#kfw-3.2) installer. It is composed of different tools traditionally found with Kerberos distributions, like [[!template id=man name=kinit section=1]] or [[!template id=man name=klist section=1]], and a Network Identity Manager, an application used to manage credential caching of Kerberos tickets. |
Windows does not provide an easy way to configure and use KDCs |
|
different from the one embedded into an Active Directory. |
|
|
7. Install the package. Use the default provided options, then restart the computer. |
Therefore, to use [[Kerberos]], you should follow the following |
|
steps: |
|
|
7. The Network Identity Manager [(PDF)](http://web.mit.edu/kerberos/kfw-3.2/kfw-3.2.2/netidmgr_userdoc.pdf) should automatically start when you login. As there is no principal currently configured, it should open a dialog box to obtain the new credentials. |
7. Download the |
|
[MIT Kerberos for Windows](http://web.mit.edu/Kerberos/dist/#kfw-3.2) |
|
installer. It is composed of different tools traditionally found |
|
with Kerberos distributions, like |
|
[[!template id=man name=kinit section=1]] or |
|
[[!template id=man name=klist section=1]], and a Network Identity |
|
Manager, an application used to manage credential caching of |
|
Kerberos tickets. |
|
|
|
7. Install the package. Use the default provided options, then |
|
restart the computer. |
|
|
|
7. The Network Identity Manager |
|
[(PDF)](http://web.mit.edu/kerberos/kfw-3.2/kfw-3.2.2/netidmgr_userdoc.pdf) |
|
should automatically start when you login. As there is no principal |
|
currently configured, it should open a dialog box to obtain the |
|
new credentials. |
|
|
7. Enter your principal: |
7. Enter your principal: |
|
|
Username: <username> |
Username: <username> |
Realm: NETBSD.ORG |
Realm: NETBSD.ORG |
|
|
7. Click `Ok`. After a few seconds, it should obtain the TGT for you from NetBSD.ORG KDC. |
7. Click `Ok`. After a few seconds, it should obtain the TGT for |
|
you from the NETBSD.ORG KDC. |
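Review bot: the new "Storing the Kerberos Password in Your Keychain" section tells the reader to type the password as a command-line argument (`-w "mypasswd"`), which leaves it in shell history and exposes it in the process list while the command runs. Add a caveat to that effect, or point readers to the "Remember this password in my keychain" checkbox described just above, which achieves the same result without putting the password on the command line. The paragraph on `-T` should also say to list only the programs that need the credential, since each entry lets that program read the password without a prompt. Wording nits in the same section: "kinit it will be authorized" should be "kinit will be authorized", "/fulpath/program" should be "/fullpath/program", "kerberos credentials" should be capitalized, and "orignally" should be "originally".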