Details on broken aklog and klog (was:Arla and OSX 10.2)
Aaron Rosenblum
arosenbl at mac.com
Sun Sep 1 18:04:57 CEST 2002
in the <string>switch_to_user</string> line:
add krb5auth:login to the string so that it looks like:
<string>switch_to_user,krb5auth:login</string>
This will only work if your OSX short name and password are the same as
your kerberos name and password. It gets tickets as a "side effect of
logging in". To make login hinge on Kerberos authentication you need
to do what was explained above, and:
eplace the 'authinternal' string in the line that looks like
replace the 'authinternal' string in the line that looks like
<string>loginwindow_builtin:login,authinternal,loginwindow_builtin:succe
ss</string>
with the string: 'krb5auth:authenticate'
so that it looks like:
<string>loginwindow_builtin:login,krb5auth:authenticate,loginwindow_buil
tin:success</string>
If you do it this way, you need only your login name to be the same as
your kerberos name, the password can be different. However, you must
have a keytab generated for your workstation.
Aaron
On Sunday, September 1, 2002, at 06:15 AM, Magnus Ahltorp wrote:
>> These errors are interesting because when I compiled .35.8 on 10.2 and
>> made the kext myself, aklog worked. I have my machine set to get
>> tickets from the loginwindow and a /usr/arla/bin/aklog works fine.
>
> How do you make loginwindow use kerberos? I tried editing
> /etc/authorization, but I never got it to work. Do you run aklog
> automatically, and in that case, where?
>
> /Magnus
>
More information about the Arla-drinkers
mailing list