[32705] in Kerberos
Re: "Negative cache rejected lookup for" host/princ when using GSSAPI
daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Thu Sep 23 02:27:06 2010
MIME-Version: 1.0
In-Reply-To: <AANLkTikyNfFcw=9q1MDMUjS5T65r6vNmE_J7Lth+FmSg@mail.gmail.com>
Date: Thu, 23 Sep 2010 16:26:53 +1000
Message-ID: <AANLkTin-9VH_JBQJvgxpUw2Yr6VVHoafTC-nbHpR84b1@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: Jonathan Simms <slyphon@gmail.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi
kerberised ssh is disabled by default with ssh on MacOS >= 10.4.9
If you install the Mac OS Kerberos Extra, from MIT
http://web.mit.edu/macdev/KfM/Common/Documentation/osx-kerberos-extras.html
it will re-enable kerberised ssh.
In my experience on mac, I found that none of the kerberised
application found natively on the mac will make the ticket viewer pop
up and ask to get a ticket.
You have to start the Ticket Viewer, explicitely ask for a ticket,
then run the application. Watch out when the ticket expires too,
because you won't be asked to renew it automatically either.
3rd party application like Firefox or Thunderbird will make Ticket
Viewer pop up though.
Jean-Yves
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
