I was recently handed the task of integrating Mac OS X 10.6 into our so-called Magic Triangle authentication environment. To make things more interesting, Macs here are treated as UNIX workstations, and thus not bound to AD.
A quick search on Google yielded a long discussion on Kerberos support (or not) in Mac OS X 10.6 on RedHat Engineer Vincent Danen’s blog, and eventually to a his Wiki discussing Kerberos on Mac OS X
I’ll summarize the relevant tips here:
- /etc/krb5.conf is /Library/Preferences/edu.mit.Kerberos on Mac OS X
- /System/Library/LaunchAgents/com.apple.Kerberos.renew.plist should use -R instead of -B (to auto-renew tickets)
Thanks to Apple’s support of Open Source, I was able to check out the source code for the pam_krb5.so module that they use in OS X 10.6. With this, I was enable to enable debugging in a custom application and determine how to get authentication working.
Apple has some additional tips here: http://support.apple.com/kb/TA20987