[OpenAFS-port-darwin] Re: modifications for /etc/authorization
for OS X 10.4
Joseph Jackson
jackson@CMU.EDU
Thu, 26 May 2005 10:25:50 -0400
Note that there's a root exploit that Jim Foraker found when you have
Kerberos and LDAP both configured in Tiger. We reported it to Apple but it
hasn't been fixed yet. It's not really related to OpenAFS, so I'll refer
you to the macenterprise.org mailing list for details.
Joe Jackson,
Carnegie Mellon University.
--On Wednesday, May 25, 2005 10:04 PM -0400 ega <Everette_Allen@ncsu.edu>
wrote:
> So I filed this as a bug to apple in their radar but found out how to
> make it work before the eng. answered.
> Basically it follows the same pattern as everything else in
> /etc/authorization. Be very careful and make a backup of authorization
> as spelling is very important and if you mess up you will crash the
> window server to tty mode and have to boot single user and fix it.
> Replace the authinteral string in the mechanisms array in the
> system.console.login key as TIL 107154 says but use the string
>
> builtin:krb5authnoverify,privileged
>
> It was the ,privileged that kept throwing me until i realized everything
> around this key was treated the same way (ie two string separated by
> comma and the second seemed to be the same string).
>
>> Today's Topics:
>>
>> 1. modifications for /etc/authorization for OS X 10.4 (Keith Johnston)
>> 2. Re: modifications for /etc/authorization for OS X 10.4 (Patrick M
>> McNeal) 3. Re: modifications for /etc/authorization for OS X 10.4
>> (Keith Johnston)
>>
>> --__--__--
>>
>> Message: 1
>> To: port-darwin@openafs.org
>> From: Keith Johnston <keith@cs.auckland.ac.nz>
>> Date: Wed, 25 May 2005 10:17:51 +1200
>> Subject: [OpenAFS-port-darwin] modifications for /etc/authorization for
>> OS X 10.4
>>
>> Has anyone seen anything about how to enable Kerberos authentication
>> for OS X 10.4? Article 107154 has not yet been updated.
>>
>> http://docs.info.apple.com/article.html?artnum=107154
>>
>> Regards
>> Keith
>> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> Keith Johnston xtn: 87977
>> Computer Support
>> Computer Science Department Rm 395
>>
>> This email is brought to you by the letters OS X and the number 10
>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>>
>>
>> --__--__--
>>
>> Message: 2
>> Cc: port-darwin@openafs.org
>> From: Patrick M McNeal <mcneal@umich.edu>
>> Date: Tue, 24 May 2005 19:00:37 -0400
>> To: Keith Johnston <keith@cs.auckland.ac.nz>
>> Subject: Re: [OpenAFS-port-darwin] modifications for /etc/authorization
>> for OS X 10.4
>>
>>
>>> Has anyone seen anything about how to enable Kerberos
>>> authentication for OS X 10.4? Article 107154 has not yet been updated.
>>>
>>> http://docs.info.apple.com/article.html?artnum=107154
>>
>>
>> According to MIT, it's not working:
>>
>> http://web.mit.edu/swrt/releases/macosx10.4/#issues
>>
>> --__--__--
>>
>> Message: 3
>> Cc: port-darwin@openafs.org
>> From: Keith Johnston <keith@cs.auckland.ac.nz>
>> Date: Wed, 25 May 2005 11:31:21 +1200
>> To: Patrick M McNeal <mcneal@umich.edu>
>> Subject: Re: [OpenAFS-port-darwin] modifications for /etc/authorization
>> for OS X 10.4
>>
>> Thanks
>>
>> Keith
>> On 25/05/2005, at 11:00 AM, Patrick M McNeal wrote:
>>
>>
>>>> Has anyone seen anything about how to enable Kerberos authentication
>>>> for OS X 10.4? Article 107154 has not yet been updated.
>>>>
>>>> http://docs.info.apple.com/article.html?artnum=107154
>>>
>>> According to MIT, it's not working:
>>>
>>> http://web.mit.edu/swrt/releases/macosx10.4/#issues
>>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> Keith Johnston xtn: 87977
>> Computer Support
>> Computer Science Department Rm 395
>>
>> This email is brought to you by the letters OS X and the number 10
>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>>
>>
>>
>> --__--__--
>>
>> _______________________________________________
>> port-darwin mailing list
>> port-darwin@openafs.org
>> https://lists.openafs.org/mailman/listinfo/port-darwin
>>
>>
>> End of port-darwin Digest
>
> _______________________________________________
> port-darwin mailing list
> port-darwin@openafs.org
> https://lists.openafs.org/mailman/listinfo/port-darwin
>