Magic Triangle w/Kerberos in OS X 10.6

I was recently handed the task of integrating Mac OS X 10.6 into our so-called Magic Triangle authentication environment. To make things more interesting, Macs here are treated as UNIX workstations, and thus not bound to AD.

A quick search on Google yielded a long discussion on Kerberos support (or not) in Mac OS X 10.6 on RedHat Engineer Vincent Danen’s blog, and eventually to a his Wiki discussing Kerberos on Mac OS X

I’ll summarize the relevant tips here:

  • /etc/krb5.conf is /Library/Preferences/ on Mac OS X
  • /System/Library/LaunchAgents/ should use -R instead of -B (to auto-renew tickets)

Thanks to Apple’s support of Open Source, I was able to check out the source code for the module that they use in OS X 10.6. With this, I was enable to enable debugging in a custom application and determine how to get authentication working.

Apple has some additional tips here:

Leave a Reply

Your email address will not be published. Required fields are marked *