IT Services Technical Notes - Mac OS X How To: Kerberos

Search:

How to Configure Kerberos

For help or if you have questions or problems, please contact the Solution Center, 195 Durham Center, solution@iastate.edu or call IT Services at 294-4000.

You can read additional information about Kerberos on Mac OS X from MIT's FAQ webpage.

Table of Contents

About Kerberos

Configuring Kerberos For Iowa State

Enable Mac OS X Kerberos Authentication at Login

Table of Contents
About Kerberos
Configuring Kerberos For Iowa State
Enable Mac OS X Kerberos Authentication at Login

About Kerberos

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology.

Configuring Kerberos For Iowa State

IT Services has put together a Kerberos Configuration installer that will install the Kerberos preference file that has been configured for Kerberos 5 for use at Iowa State.

You can download this Kerberos Configuration installer from here (594 KB).

To configure Kerberos 5 for use at Iowa State, double-click on the KerberosConfig-0510.dmg file if it did mount, then double-click on the KerberosConfig5.pkg installer package.

The Kerberos Preference File

The Kerberos preference file is located at /Library/Preferences/edu.mit.Kerberos and contains this information:

[libdefaults]
    ticket_lifetime = 36000
    default_realm = IASTATE.EDU
    allow_weak_crypto = TRUE
    noaddresses = TRUE
    forwardable = TRUE

[realms]
    IASTATE.EDU = {
        kdc = kerberos-1.iastate.edu.:88
        kdc = kerberos-2.iastate.edu.:88
        admin_server = kerberos-1.iastate.edu.
        default_domain = iastate.edu
    }

[domain_realm]
    .iastate.edu = IASTATE.EDU
    iastate.edu = IASTATE.EDU

Enable Mac OS X Kerberos Authentication at Login

Enabling Kerberos Authentication at Login allows you to use your Iowa State Net-ID and Password in Mac OS X's login window and obtain Kerberos tickets as you login.

IT Services has put together a Kerberos Login installer that will enable Kerberos Authentication at Login. This installer is included in the KerberosConfig-0510.dmg download file.

To enable Kerberos Authentication at Login, double-click on the KerberosLogin.pkg installer package.

See How to Enable Mac OS X Kerberos Authentication at Login
to perform the recomended additional steps to enable Kerberos Authentication at Login.

Last updated August 24, 2011