Experiments with Mac OS X 10.5 (Leopard)

I did a few basic experiments with 10.5 to see what worked.

Kerberos

To test Kerberos I tested to see if I could create a Kerberos ticket using my normal Kerberos principal. You should be able to do this out of the box, provided cross-realm lookups are enabled.

I first tried the kinit command, supplying my principal (call it blah@FOO) as an argument, and got back a "No such file or directory" error. klist showed no tickets.

Ah - maybe cross-realm lookups aren't enabled by default then?

I then tried the Kerberos application. It's in the expected place (/System/Library/CoreServices/Kerberos.app).

To open it, open /System/Library/CoreServices/Kerberos.app

I still wasn't able to get a ticket using it (still "No such file or directory") but then I accessed its "Edit Realms" pane and saw that "Configure additional realms automatically using DNS" was ticked.

Doing this has the effect of creating a /Library/Preferences/Edu.Mit.Kerberos file, which contains

[libdefaults]
         dns_fallback = yes

Then after that I was able to do kinit blah@FOO - and klist now says:

Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: blah@FOO

Valid Starting     Expires            Service Principal
05/28/07 10:32:28  05/28/07 20:35:54  krbtgt/FOO@FOO

Normally it would be a good idea to download and install the Kerberos Extras package; this supplies a default /Library/Preferences/Edu.Mit.Kerberos file among other things. However there wasn't one for 10.5 at the time of writing.

-- ChrisCooke - 08 Jun 2007

Topic revision: r1 - 08 Jun 2007 - 14:37:11 - ChrisCooke
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies