[OpenAFS-port-darwin] Post-Login Kerberos Authentication for OS X 10.3

Keith Johnston keith@cs.auckland.ac.nz
Mon, 3 Nov 2003 15:15:17 +1300 

Thanks Aaron;
	That has worked for me and now I have post login authentication=20=

working so that my users will be able to obtain AFS tokens=20
automatically at login. On to other problems ;-(

Regards
Keith
On Saturday, November 1, 2003, at 08:35 AM, Aaron Rosenblum wrote:

> Hi,
>
> Apple should be publishing an updated KB article.  But in the mean=20
> time here you go:
>
> Note the first modification is for the login window only, the second=20=

> and third are so that the system prefs app and the screensaver lock=20
> will accept a kerberos password.
>
> [detailed description of modifications to /etc/authorization]
>
> Modify the =93mechanisms=94 section of the system.login.console part =
of=20
> /etc/authorization to change the line:
>
> <string>authinternal</string>
>
> to be:
>
> <string>builtin:krb5authnoverify</string>
>
> Modify the =93mechanism=94 section of the system.prefernces part of=20
> /etc/authorization to add the line:
>
> <string>builtin:krb5authnoveriify</string>
>
> so that it looks like:
>
> <key>mechanisms</key>
>                         <array>
>                                 <string>builtin:authenticate</string>
> 		        <string>builtin:krb5authnoveriify</string>
>                         </array>
>
> Modify the =93mechanism=94 section of the=20
> authenticate-session-owner-or-admin part of /etc/authorization to add=20=

> the line:
>
> <string>builtin:krb5authnoveriify</string>
>
> so that it looks like:
>
> <key>mechanisms</key>
>                         <array>
>                                 <string>builtin:authenticate</string>
> 		        <string>builtin:krb5authnoveriify</string>
>                         </array>
>
>
>
> On Oct 30, 2003, at 2:12 PM, Keith Johnston wrote:
>
>> Hi
>> 	I am trying to get Post-Login Kerberos Authentication for OS X =
10.3=20
>> to work and am not having too much success. I have it working under=20=

>> OS X 10.2 using the method outlined in Apples knowledge base article=20=

>> 107154.
>> 	Apple appear to have altered the /etc/authorization file=20
>> significantly. I was wondering if anyone is using this and if so if=20=

>> they have got it working in OS X 10.3.
>> 	Thanks in advance for your help, I am really pleased with =
OpenAFS =20
>> especially about being able to integrate obtaining tokens with login.
>> regards
>> Keith
>>                          -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
>> Keith Johnston								=
	xtn: 87977
>> Computer Support
>> Computer Science Department					Rm 395
>>
>> 	This email is brought to you by the letters OS X and the number =
10
>>                          =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>>
>> _______________________________________________
>> port-darwin mailing list
>> port-darwin@openafs.org
>> https://lists.openafs.org/mailman/listinfo/port-darwin
>
>
                          -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Keith Johnston									=
xtn: 87977
Computer Support
Computer Science Department					Rm 395

	This email is brought to you by the letters OS X and the number =
10
                          =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D