To use Kerberos Single-Sign-On on a MacBookPro, you can do as follows:
- Make a copy of
/etc/krb5.conf
from a server in your company network. - Save it into
/etc/krb5.conf
on your MacBookPro. You probably needsudo
. - Run
kinit <your-login>@<realm_name>
. If you don’t know what is the realm name is, take a look at/etc/krb5.conf
[libdefaults] default_realm = MY.COMPANY.COM
- Add this line to
~/.ssh/config
. Without this line, password method is preferred.GSSAPIAuthentication yes
- Then you can ssh to any host supporting kerberos without typing a password.
- If your kerberos ticket expires, just run
kinit
again. You don’t have to provide the principal<your-login>@<realm_name>
at this time. - Use
klist
to show when the ticket will expire.
No comments:
Post a Comment