[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos authentication with dsDoDirNodeAuth ?

Subject: Re: Kerberos authentication with dsDoDirNodeAuth ?
From: Paul Nelson <email@hidden>
Date: Tue, 28 Feb 2006 08:19:03 -0600
Delivered-to: email@hidden
Delivered-to: email@hidden
Thread-index: AcY8cezkK6gH1ahlEdqIKgANk8YL5g==
Thread-topic: Kerberos authentication with dsDoDirNodeAuth ?
User-agent: Microsoft-Entourage/10.1.0.2418

It would help if you can tell us why you are doing the dsDoDirNodeAuth.
What directory service node are you trying to authenticate with?
Does the user already have a Kerberos ticket granting ticket in their cache?
You can check for the TGT using 'klist'.

Paul Nelson
Thursby Software Systems, Inc.


> From: Nigel Kersten <email@hidden>
> Date: Tue, 28 Feb 2006 08:24:49 +1100
> To: <email@hidden>
> Subject: Kerberos authentication with dsDoDirNodeAuth ?
> 
> I'm working on something at the moment where I'd like to be able to
> authenticate via Kerberos to a DirectoryService node.
> 
> I'm ok with the Kerberos Login API, and can happily do
> dsDoDirNodeAuth with usernames and passwords, but I'm just wondering
> if anyone knows whether it's possible to do Kerberos authentication
> with the DirectoryServices API?
> 
> I can get the kerberos principal for a given username with
> kDSStdAuthGetKerberosPrincipal, so is the idea that I should be
> grabbing an authorization ref from somewhere and using that to auth
> to the node? A search of the archives seemed to suggest that NetInfo
> is the only plugin that actually supports such an authentication
> method at the moment.
> 
> I'm starting to get the impression that I'll have to use the lower
> level ldap_kerberos_bind_s() rather than DirectoryServices if I want
> to do Kerberos authentication? Does anyone know if this is right?
> 
> 
> -- 
> Nigel Kersten [Senior Technical Officer]
> College of Fine Arts, University of NSW, Australia.
> CRICOS Provider Code: 00098G
> 
> 
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Darwin-dev mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/darwin-dev/email@hidden
> 
> This email sent to email@hidden
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-dev/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: Kerberos authentication with dsDoDirNodeAuth ?
  - From: Nigel Kersten <email@hidden>

References:
	>Kerberos authentication with dsDoDirNodeAuth ? (From: Nigel Kersten <email@hidden>)

Prev by Date: Why no work on rsync?
Next by Date: Re: usefulness of source
Previous by thread: Kerberos authentication with dsDoDirNodeAuth ?
Next by thread: Re: Kerberos authentication with dsDoDirNodeAuth ?
Index(es):
- Date
- Thread

Home