kdcpreauth.c and Kerberos for the Macintosh


kdcpreauth.c and Kerberos for the Macintosh

John Cebasek
Hi All:

We're beginning to explore what it will take to add support for our hardware tokens to Kerberos for the Macintosh. If memory serves, the file for hardware preauthentication is 'kdc_preauth.c'. It's not in the Kerberos5 project. Am I looking in the correct project?

Any hints on debugging KerberosAgent? I've removed the KerberosAgent.plist from /etc/mach_init_per_user.d, but when I execute bootstrap_check_in(), I get an error BOOTSTRAP_NOT_PRIVILEGED. I'm running from Xcode 2.1 and 10.4.2 and I'm using the KerberosLogin project.

Thanks in advance for your time...



John Cebasek
[hidden email]
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: kdcpreauth.c and Kerberos for the Macintosh

Ken Hornstein
>We're beginning to explore what it will take to add support for our
>hardware tokens to Kerberos for the Macintosh. If memory serves, the file
>for hardware preauthentication is 'kdc_preauth.c'. It's not in the
>Kerberos5 project. Am I looking in the correct project?

On the client side, the relevant file is preauth2.c.  But AFAIK the
code is already there (not on the KDC side, though).  I know it doesn't
work with the graphical login stuff, but supposedly people are working
on that.

--Ken

Re: kdcpreauth.c and Kerberos for the Macintosh

Alexandra Ellwood

On Aug 5, 2005, at 2:20 PM, Ken Hornstein wrote:

>> We're beginning to explore what it will take to add support for our
>> hardware tokens to Kerberos for the Macintosh. If memory serves, the file
>> for hardware preauthentication is 'kdc_preauth.c'. It's not in the
>> Kerberos5 project. Am I looking in the correct project?
>
> On the client side, the relevant file is preauth2.c.  But AFAIK the
> code is already there (not on the KDC side, though).  I know it doesn't
> work with the graphical login stuff, but supposedly people are working
> on that.

Have you tried the Tiger (10.4) support?  Our hardware preauth test  
case (grail) works with Tiger.

Note that there are some known problems with the graphical prompter  
support and the loginwindow.  These will be resolved in a future  
update from Apple.  However if you are seeing problems from the  
dialog after login (such as from Kerberos.app), please let me know.


--lxs

Alexandra Ellwood <[hidden email]>
MIT Kerberos Development Team
<http://mit.edu/lxs/www>



Re: kdcpreauth.c and Kerberos for the Macintosh

Ken Hornstein
>Have you tried the Tiger (10.4) support?  Our hardware preauth test  
>case (grail) works with Tiger.
>
>Note that there are some known problems with the graphical prompter  
>support and the loginwindow.  These will be resolved in a future  
>update from Apple.  However if you are seeing problems from the  
>dialog after login (such as from Kerberos.app), please let me know.

I dug up the original email.  The person was talking about 10.3, and
I have this snippet from that thread:

        I want to run one more test and see if it works in tiger (I do not  
        think it does; I don't see the gui bits that would support it  
        floating around anywhere).

I don't believe I heard back from the person regarding this, and this
was back in mid-May.  So I never heard if it worked in Tiger or not.
(I don't run Tiger right now, since AFS isn't released for it yet).

--Ken

Re: kdcpreauth.c and Kerberos for the Macintosh

Michael Bartosh

On Aug 5, 2005, at 6:04 PM, Ken Hornstein wrote:

> I dug up the original email.  The person was talking about 10.3, and
> I have this snippet from that thread:
>
>     I want to run one more test and see if it works in tiger (I do not
>     think it does; I don't see the gui bits that would support it
>     floating around anywhere).
>
> I don't believe I heard back from the person regarding this, and this
> was back in mid-May.  So I never heard if it worked in Tiger or not.
> (I don't run Tiger right now, since AFS isn't released for it yet).

iirc hardware preauth works in Panther using Kerberos.app. There is  
little-to-no chance that it will ever work with Panther's loginwindow.

-mb