[OpenAFS-port-darwin] So tokens at login with post 10.4 mac os x...

Sebastian Hagedorn Hagedorn@uni-koeln.de
Fri, 26 Oct 2007 13:52:59 +0200


--On 25 October 2007 12:25:39 -0400 Patrick McNeal <mcneal@MIT.EDU> wrote:

> On Oct 24, 2007, at 3:39 PM, Everette Allen wrote:
>
>> So has anyone yet learned how to get tokens at login (or kerberos
>> tickets for that matter) on post 10.4 mac os?  The information in:
>> http://docs.info.apple.com/article.html?artnum=107154
>> does not seem to apply post 10.4.
>
>
> With this patch, and a valid /Library/Preferences/edu.mit.Kerberos
> file, the LoginWindow should accept either the local
> password, or kerberos password when logging into a local account.  If
> you use your kerberos password, you'll have a valid TGT after login.
> FWIW, it appears only to let people in if they already have a local
> account.
>
> I've not tried to do anything with tokens yet.
>
> --- /etc/authorization.bak	2007-10-24 16:27:41.000000000 -0400
> +++ /etc/authorization	2007-10-24 16:38:45.000000000 -0400
> @@ -537,7 +537,7 @@
>   				<string>loginwindow:login</string>
>   				<string>builtin:reset-password,privileged</string>
>   				<string>builtin:auto-login,privileged</string>
> -				<string>builtin:authenticate,privileged</string>
> +				<string>builtin:krb5authnoverify,privileged</string>
>   				<string>HomeDirMechanism:login,privileged</string>
>   				<string>HomeDirMechanism:status</string>
>   				<string>MCXMechanism:login</string>
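
Review bot: `builtin:krb5authnoverify,privileged` on the `+` line is, by its name, the Kerberos mechanism that does not verify the ticket it obtains, and it replaces `builtin:authenticate,privileged` in the chain that begins with `loginwindow:login`. Without verification against a host key, console login trusts whichever KDC answers for the realm configured in edu.mit.Kerberos. State in the description why the non-verifying variant was chosen, and on machines that have a host principal and keytab use the verifying `builtin:krb5authenticate,privileged` instead.
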
> @@ -767,7 +767,7 @@
>   			<array>
>   				<string>builtin:smartcard-sniffer,privileged</string>
>   				<string>builtin:authenticate</string>
> -				<string>builtin:authenticate,privileged</string>
> +				<string>builtin:krb5authnoverify,privileged</string>
>   			</array>
>   		</dict>
>   		<key>authenticate-admin</key>
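
Review bot: the rule this second hunk edits is not identifiable from its context, which shows only the closing `</dict>` and the following `<key>authenticate-admin</key>`, so a reader cannot tell which right now accepts a Kerberos password through the non-verifying mechanism. Name the rule in the description and justify the change separately from the login one, since the stated goal (a TGT after LoginWindow login) is already served by the first hunk. If this rule is not needed for that goal, drop the hunk and leave `builtin:authenticate,privileged` in place here.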

Hm, my original 10.4 /etc/authorization file looks *nothing* like the one
you had prior to that patch. Is that for 10.5, perchance?
-- 
     .:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
.:.Universität zu Köln / Cologne University - ✆ +49-221-478-5587.:.
                   .:.:.:.Skype: shagedorn.:.:.:.