site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Thread-index: AcY8cezkK6gH1ahlEdqIKgANk8YL5g== Thread-topic: Kerberos authentication with dsDoDirNodeAuth ? User-agent: Microsoft-Entourage/10.1.0.2418 It would help if you can tell us why you are doing the dsDoDirNodeAuth. What directory service node are you trying to authenticate with? Does the user already have a Kerberos ticket granting ticket in their cache? You can check for the TGT using 'klist'. Paul Nelson Thursby Software Systems, Inc.

From: Nigel Kersten <nigel@cofa.unsw.edu.au> Date: Tue, 28 Feb 2006 08:24:49 +1100 To: <darwin-dev@lists.apple.com> Subject: Kerberos authentication with dsDoDirNodeAuth ?

I'm working on something at the moment where I'd like to be able to authenticate via Kerberos to a DirectoryService node.

I'm ok with the Kerberos Login API, and can happily do dsDoDirNodeAuth with usernames and passwords, but I'm just wondering if anyone knows whether it's possible to do Kerberos authentication with the DirectoryServices API?

I can get the kerberos principal for a given username with kDSStdAuthGetKerberosPrincipal, so is the idea that I should be grabbing an authorization ref from somewhere and using that to auth to the node? A search of the archives seemed to suggest that NetInfo is the only plugin that actually supports such an authentication method at the moment.

I'm starting to get the impression that I'll have to use the lower level ldap_kerberos_bind_s() rather than DirectoryServices if I want to do Kerberos authentication? Does anyone know if this is right?

-- Nigel Kersten [Senior Technical Officer] College of Fine Arts, University of NSW, Australia. CRICOS Provider Code: 00098G

_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/nelson%40thursby.com

This email sent to nelson@thursby.com

_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com smime.p7s