site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com -- Nigel Kersten [Senior Technical Officer] College of Fine Arts, University of NSW, Australia. CRICOS Provider Code: 00098G _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... I'm working on something at the moment where I'd like to be able to authenticate via Kerberos to a DirectoryService node. I'm ok with the Kerberos Login API, and can happily do dsDoDirNodeAuth with usernames and passwords, but I'm just wondering if anyone knows whether it's possible to do Kerberos authentication with the DirectoryServices API? I can get the kerberos principal for a given username with kDSStdAuthGetKerberosPrincipal, so is the idea that I should be grabbing an authorization ref from somewhere and using that to auth to the node? A search of the archives seemed to suggest that NetInfo is the only plugin that actually supports such an authentication method at the moment. I'm starting to get the impression that I'll have to use the lower level ldap_kerberos_bind_s() rather than DirectoryServices if I want to do Kerberos authentication? Does anyone know if this is right? This email sent to site_archiver@lists.apple.com