[OpenAFS-port-darwin] Re: port-darwin digest, Vol 1 #360 - 7 msgs
Dave Pugh
dpugh@umich.edu
Thu, 9 Mar 2006 16:34:14 -0500
Replace 'authinternal' with 'builtin:krb5authnoverify,privileged' in
the following two locations:
system.login.console (change line 341 I think)
authenticate (change line 536 I think)
We have a package posted here:
http://www.lsa.umich.edu/lsait/admin/mac/software/Kerberized-Console.pkg.zip
that does this all via a postflight script inside the package (feel free
to look at it). This works for us, but you'll obviously want to try it
in your environment before deploying to your users. (the read-me's are
a bit dated, but the pkg itself should be current).
--Dave
> Date: Thu, 9 Mar 2006 13:52:11 -0600
> From: Nicholas Riley <njriley@uiuc.edu>
> Subject: Re: [OpenAFS-port-darwin] Re: Example of the "correct" way to get tokens for Finder on login...
>
> Somewhat related - does anyone have an /etc/authorization file that
> works for Kerberos logins, and preferably other things such as
> unlocking the screen saver, System Preferences, Finder, etc.? The one
> I've constructed works in most places but breaks remote SSH logins for
> everyone, and it's a tedious process of trial and error to determine
> which rules need changing and how.
>
> --
> Nicholas Riley <njriley@uiuc.edu> | <http://www.uiuc.edu/ph/www/njriley>