Home

OS X and Kerberos

Posted November 4th, 2007 by Edward Marczak

OS X Server has used Kerberos as a single sign-on technology for some time now.  It's rare, though, to find a Kerberos server on a workstation, but that's precisely what you'll find on each and every OS X v10.5 workstation.  Single sign-on with no infrastructure.  Very, very cool.  However, it's not really documented very well.  Apple just put this kb article on-line, though:

http://docs.info.apple.com/article.html?artnum=306723

Here's hoping to further implementation details!

3 Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Not entirely

On October 31st, 2007 Dave Provine says:

Even with a Kerb ticket from doing an AFP connection, it doesn’t offer one for SSH though, even using Bonjour to connect.

Partially

On November 1st, 2007 Edward Marczak says:

Thanks for the update, Dave!

Yeah, I’m not sure the sshd in OS X client is kerberized. n the whole, we just need better documentation on all of this. Maybe complete kerb will hit us in 10.5.1 or so.

Correct - not every service

On November 2nd, 2007 Edward Marczak says:

So, darn, you’re right - no kerb ssh as far as I can tell. Too bad. However, connect to file sharing, and from there, screen sharing “just works.” Which is good and bad…going to bite some people, for sure.