[OpenAFS-port-darwin] Re: port-darwin digest, Vol 1 #67 - 4 msgs

Aaron Rosenblum arosenbl@mac.com
Thu, 24 Oct 2002 12:39:30 -0400


Make the following modifications to /etc/authorization:

replace the 'authinternal' string in the line that looks like

<string>loginwindow_builtin:login,authinternal,loginwindow_builtin:success</string>

with the string: 'krb5auth:authnoverify'

so that it looks like:

<string>loginwindow_builtin:login,krb5auth:authnoverify,loginwindow_builtin:success</string>

in the <string>switch_to_user</string> line:

add krb5auth:login to the string so that it looks like:

<string>switch_to_user,krb5auth:login</string>

Save the changes and log out.  You will be able to use a Kerberos
uniquename/password combination to log into the machine so long as the
username you are using exists in directory services (local, netinfo,
properly configured LDAP, or otherwise) and the password you supply is
the correct Kerberos password. You will get a TGT upon successfully
logging in.

Also, there used to be a freeware wrapper to configure lookupd to use NIS.

http://www.versiontracker.com/moreinfo.fcgi?id=9914&db=mac

I don't know if it still works...

Aaron


On Thursday, October 24, 2002, at 08:25 AM, bil wrote:

> Does anyone out there know of a way to get this kind of thing to work  
> without having a local userid? We're trying to figure a way to map afs  
> drives with user accounts to a public machine without having to  
> maintain local accounts (we do this with other unix boxes using NIS  
> for user data and pam, but can't find any solid docs on any of that  
> for osx, and Apple's been little help).
> bil
>
>
> --On Wednesday, October 23, 2002 12:01 PM -0400  
> port-darwin-request@openafs.org wrote:
>
>> Message: 2
>> Date: Tue, 22 Oct 2002 16:12:45 -0400
>> Subject: Re: [OpenAFS-port-darwin] Re: Kerberos for Macintosh Login
>> Authentication, Help?
>> Cc: port-darwin@openafs.org
>> To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
>> From: Aaron Rosenblum <arosenbl@mac.com>
>>
>> No, you do not need the extra edit if all you want to do is get
>> tickets as a side effect of logging in.  Please note, however, that
>> you must have a local username and password that match your kerberos
>> username/password for this to work.
>>
>> Hope this helps.
>>
>> Aaron
>
>
> _______________________________________________
> port-darwin mailing list
> port-darwin@openafs.org
> https://lists.openafs.org/mailman/listinfo/port-darwin
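
The two edits described in the message above, as an added Python example that is not part of the original post: it applies them to a constructed fragment and then checks that both resulting chains are present exactly, which catches a value pasted with a mid-word line wrap still in it. The `<key>` names in the sample and the function names are assumptions; only the `<string>` values come from the message.

```python
import re

# Constructed fragment: only the two <string> lines come from the message;
# the <key> names are placeholders, not copied from a real /etc/authorization.
SAMPLE = """\
<key>placeholder-login-rule</key>
<string>loginwindow_builtin:login,authinternal,loginwindow_builtin:success</string>
<key>placeholder-done-rule</key>
<string>switch_to_user</string>
"""

STRING_RE = re.compile(r"<string>([^<]*)</string>")
EXPECTED = (
    "loginwindow_builtin:login,krb5auth:authnoverify,loginwindow_builtin:success",
    "switch_to_user,krb5auth:login",
)


def rewrite_chain(chain):
    """Apply the message's two edits to one comma-separated mechanism chain."""
    mechs = chain.split(",")
    if mechs[0] == "loginwindow_builtin:login" and "authinternal" in mechs:
        mechs = ["krb5auth:authnoverify" if m == "authinternal" else m for m in mechs]
    elif mechs[0] == "switch_to_user" and "krb5auth:login" not in mechs:
        mechs.append("krb5auth:login")
    return ",".join(mechs)  # chains matching neither rule come back unchanged


def apply_edits(text):
    """Rewrite every <string> chain; a second run changes nothing."""
    return STRING_RE.sub(lambda m: "<string>%s</string>" % rewrite_chain(m.group(1)), text)


def missing_chains(text):
    """Return the expected chains absent from text, e.g. after a hand edit
    that pasted a line-wrapped value with a stray space or newline in it."""
    present = set(STRING_RE.findall(text))
    return [c for c in EXPECTED if c not in present]


if __name__ == "__main__":
    edited = apply_edits(SAMPLE)
    print(edited)
    print("missing after edit:", missing_chains(edited))
```

Run `missing_chains` on a copy of the edited file before logging out; an empty list means both chains match the message character for character.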