What You ve Learned


What You've Learned

  • Kerberos uses principals, host, service, and user to define machines, services that can use Kerberos, and users who are allowed to obtain tickets from the KDC.

  • The edu.mit.Kerberos file can be edited manually, edited with the Kerberos application, or created automatically from a bound LDAP server.

  • The Login Window in Mac OS X can obtain a TGT from a KDC.

  • Kerberos is very sensitive to time inconsistencies, so all machines relying on Kerberos in some fashion should get their time from the same time server.

  • kinit, klist e, and kdestroy are the command-line utilities to obtain a ticket, list all tickets, and destroy tickets, respectively.

References

Administration Guides

"Mac OS X Open Directory Administration": http://images.apple.com/server/pdfs/Open_Directory_v10.4.pdf

"Mac OS X Server Command-Line Administration": "http://images.apple.com/server/pdfs/Command_Line_v10.4.pdf

Apple Knowledge Base Documents

The following Knowledge Base documents (located at www.apple.com/support) provide further information about Kerberos and Mac OS X.

Document 107702, "Mac OS X Server 10.3: Kerberos Authentication May Not Work After Changing to LDAP Master or Replica, or Kerberizing a Particular Service"

Document 107875, "Mac OS X Server 10.3: Upgrading Password Server users to Kerberos and single sign-on"

Document 107543, "Mac OS X Server 10.2, 10.3: Password Authentication Options for Networked Environments"

Books

Garman, Jason. Kerberos: The Definitive Guide (O'Reilly, 2003).

URLs

Each of these URLs may help in your understanding of Kerberos. While they are slightly different in their delivery of the subject, they all basically explain Kerberos in more detail:

MIT's tutorial on Kerberos infrastructure and implementation: http://web.mit.edu/kerberos/www

http://web.mit.edu/macdev/www/kerberos.html

www.net.berkeley.edu/kerberos/k5concepts.html

www.net.berkeley.edu/kerberos

www.oit.duke.edu/~rob/kerberos

www.upenn.edu/computing/pennkey/sysadmin/d_install_unix/install_directions.html

www.afp548.com/Articles/Panther/kerberos1.html

www.afp548.com/Articles/Panther/kerberos2.html

www.isi.edu/~brian/security/kerberos.html

Editing the edu.mit.Kerberos file: http://web.mit.edu/macdev/KfM/Common/Documentation/preferences-osx.html




Apple Training Series. Mac OS X System Administration Reference, Volume 1
Apple Training Series: Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
EAN: 2147483647
Year: 2005
Pages: 258
Authors: Schoun Regan

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net