[OpenAFS-port-darwin] Re: Kerberos for Macintosh Login Authentication, Help?

Ragnar Sundblad ragge@nada.kth.se
Tue, 22 Oct 2002 03:33:49 +0200


--On den 21 oktober 2002 17:54 -0700 "Henry B. Hotz" <hotz@jpl.nasa.gov> 
wrote:

> Also modified /etc/authorization as follows:
>
>> <!-- Do kerberos authentication as a side-effect of loggin in.
>> Local username/password will be used.
>>  -->
>>         <key>system.login.done</key>
>>         <dict>
>>                 <key>eval</key>
>>                 <string>switch_to_user, krb5auth:login</string>
>>         </dict>

We don't have a space between "switch_to_user," and "krb5auth:login",
that could be your console login problem.

> Added group read access to ~/Library/Preferences/  (Do I really need to
> do this?)

If you have your home directory in AFS and don't use any of
the loginLogout plugins to get you to token at console
login time, you have to to use your own prefs for the Dock
and other apps that are started at login time.
I prefer not doing that since all kinds of prefs go there
and it is not sure that the user really wants them all to
be world readable.
(See list port-darwin@openafs.org, 1:13 PM -0700 Alexei Kosut
for a loginLogout plugin.)

Don't know enough about the kpasswd/ka server stuff to say
anything, I am sure someone else knows.

/ragge