[OpenAFS-port-darwin] Post-Login Kerberos Authentication for OS X 10.3
Aaron Rosenblum
arosenbl@mac.com
Fri, 31 Oct 2003 14:35:59 -0500
Hi,
Apple should be publishing an updated KB article. But in the mean time=20=
here you go:
Note the first modification is for the login window only, the second=20
and third are so that the system prefs app and the screensaver lock=20
will accept a kerberos password.
[detailed description of modifications to /etc/authorization]
Modify the =93mechanisms=94 section of the system.login.console part of=20=
/etc/authorization to change the line:
<string>authinternal</string>
to be:
<string>builtin:krb5authnoverify</string>
Modify the =93mechanism=94 section of the system.prefernces part of=20
/etc/authorization to add the line:
<string>builtin:krb5authnoveriify</string>
so that it looks like:
<key>mechanisms</key>
<array>
<string>builtin:authenticate</string>
<string>builtin:krb5authnoveriify</string>
</array>
Modify the =93mechanism=94 section of the=20
authenticate-session-owner-or-admin part of /etc/authorization to add=20
the line:
<string>builtin:krb5authnoveriify</string>
so that it looks like:
<key>mechanisms</key>
<array>
<string>builtin:authenticate</string>
<string>builtin:krb5authnoveriify</string>
</array>
On Oct 30, 2003, at 2:12 PM, Keith Johnston wrote:
> Hi
> I am trying to get Post-Login Kerberos Authentication for OS X =
10.3=20
> to work and am not having too much success. I have it working under OS=20=
> X 10.2 using the method outlined in Apples knowledge base article=20
> 107154.
> Apple appear to have altered the /etc/authorization file=20
> significantly. I was wondering if anyone is using this and if so if=20
> they have got it working in OS X 10.3.
> Thanks in advance for your help, I am really pleased with =
OpenAFS =20
> especially about being able to integrate obtaining tokens with login.
> regards
> Keith
> -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
> Keith Johnston =
xtn: 87977
> Computer Support
> Computer Science Department Rm 395
>
> This email is brought to you by the letters OS X and the number =
10
> =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>
> _______________________________________________
> port-darwin mailing list
> port-darwin@openafs.org
> https://lists.openafs.org/mailman/listinfo/port-darwin