2

In previous versions of Mac OS X, one could enable Kerberos authentication when a user logs in by following a support document.

Specifically, this document explains that the file /etc/pam.d/authorization needs to be edited to enable this. After upgrading to Mac OS X10.10, this file no longer exists, and there is no update to the KB article.

Is there a new (and better?) way to enable this feature?

Elias Mårtenson
  • 309
  • 1
  • 4
  • 12

2 Answers2

1

https://wiki.ncsa.illinois.edu/display/ITS/Kerberos+on+Mac+OS+X+10.7+and+later

I used this howto sited above and others like it on my yosemite workstation. I have a centos7 server with IPA on virtual box and kinit and klist work. I ssh'd afterwards and wasn't automatically ssh'd into the centos/ipa server on the virtual box guest verifying sso. This was my first setup and I didn't do the ipa install with bind.

This was all done from my mbp. I also have yosemite server installed, so I don't know if that is why I have the files or not. I made backups of the originals and edited accordingly to the link above. Good luck! :D

rac3rx
  • 11
  • 2
0

It is working for me on 10.10.0, and those directories exist for me.

I'm also using the Heimdal implementation but on OpenBSD.

Example Ticket on 10.10

damolp
  • 331
  • 1
  • 6
  • Do you have the file `/etc/pam.d/authorization`? Did you do an upgrade or a new install? – Elias Mårtenson Oct 27 '14 at 04:30
  • @Elias I've got the file /etc/pam.d/authorization on my MBP that I've upgraded to Yosemite. The file is also present on my desktop at work which is a fresh install of Yosemite. Try look in `/private/etc/` as `/etc/` is a symlink to `/private/etc/` – damolp Oct 28 '14 at 02:57