I'm trying to get my Leopard client to access sharepoints on my Leopard server using Kerberos authentication established at login. I'll list what I have done already below:
- OD set up with a username (short and long) and password that is the same as that being used on the client laptop.
- Client laptop is bound to the OD
- modified /etc/authorization: <string>builtin:authenticate,privileged</string> to <string>builtin:krb5authnoverify,privileged</string>
When I log in it accepts my password and allows me into the laptop. The OD logs show that authentication to the server took place (I believe) (username and domain intentionally masked):
Code:
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.1.121: NEEDED_PREAUTH: user@SERVER.xxxx.PRIV for krbtgt/SERVER.xxxx.PRIV@SERVER.xxxx.PRIV, Additional pre-authentication required
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.1.121: NEEDED_PREAUTH: user@SERVER.xxxx.PRIV for krbtgt/SERVER.xxxx.PRIV@SERVER.xxxx.PRIV, Additional pre-authentication required
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](debug): handling authdata
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](debug): handling authdata
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](debug): .. .. ok
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](debug): .. .. ok
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.1.121: ISSUE: authtime 1202564345, etypes {rep=16 tkt=16 ses=16}, user@SERVER.xxxx.PRIV for krbtgt/SERVER.xxxx.PRIV@SERVER.xxxx.PRIV
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.1.121: ISSUE: authtime 1202564345, etypes {rep=16 tkt=16 ses=16}, user@SERVER.xxxx.PRIV for krbtgt/SERVER.xxxx.PRIV@SERVER.xxxx.PRIV
When I try to connect to an AFP sharepoint it again asks me to authenticate. If I authenticate once then I can access any other sharepoints with no problems, however, I'd like to be able to use the Kerberos ticket I believe I have from the system login to do this AFP authentication.
Am I missing something here?
Hans
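An added example, not part of the original post: a small Python parser for the krb5kdc request lines quoted above that reports, per client principal, whether a TGT was issued and whether any service ticket (TGS_REQ) was issued afterwards. The `afpserver/...` principal in the constructed line is an assumption for illustration, and `parse` and `summarize` are hypothetical helper names.

```python
import re

# krb5kdc lines as quoted in the post (user and realm masked by the poster), de-duplicated.
PAGE_LOG = """\
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.1.121: NEEDED_PREAUTH: user@SERVER.xxxx.PRIV for krbtgt/SERVER.xxxx.PRIV@SERVER.xxxx.PRIV, Additional pre-authentication required
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](debug): handling authdata
Feb 09 13:39:05 server.xxxx.priv krb5kdc[512](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.1.121: ISSUE: authtime 1202564345, etypes {rep=16 tkt=16 ses=16}, user@SERVER.xxxx.PRIV for krbtgt/SERVER.xxxx.PRIV@SERVER.xxxx.PRIV
"""

# Constructed line, NOT from the post: a service-ticket request for an assumed AFP principal.
CONSTRUCTED_TGS = (
    "Feb 09 13:40:10 server.xxxx.priv krb5kdc[512](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) "
    "10.0.1.121: ISSUE: authtime 1202564345, etypes {rep=16 tkt=16 ses=16}, "
    "user@SERVER.xxxx.PRIV for afpserver/server.xxxx.priv@SERVER.xxxx.PRIV\n"
)

# Request header: type, offered etypes, client address, outcome keyword, then the remainder.
LINE = re.compile(
    r"krb5kdc\[\d+\]\(info\): (?P<req>AS_REQ|TGS_REQ) \(\d+ etypes \{[\d ]+\}\) "
    r"(?P<ip>\S+): (?P<status>[A-Z_]+): (?P<rest>.*)$"
)
PRINCIPALS = re.compile(r"(?P<client>\S+) for (?P<service>[^\s,]+)")

def parse(log):
    """Return one dict per AS_REQ/TGS_REQ line; debug and unrelated lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE.search(line)
        p = PRINCIPALS.search(m["rest"]) if m else None
        if p:
            events.append({"req": m["req"], "ip": m["ip"], "status": m["status"],
                           "client": p["client"], "service": p["service"]})
    return events

def summarize(events):
    """Per client: was a TGT issued, how many pre-auth round trips, which service tickets."""
    out = {}
    for e in events:
        s = out.setdefault(e["client"],
                           {"tgt_issued": False, "preauth_required": 0, "service_tickets": []})
        if e["req"] == "AS_REQ" and e["status"] == "NEEDED_PREAUTH":
            s["preauth_required"] += 1
        elif e["req"] == "AS_REQ" and e["status"] == "ISSUE" and e["service"].startswith("krbtgt/"):
            s["tgt_issued"] = True
        elif e["req"] == "TGS_REQ" and e["status"] == "ISSUE":
            s["service_tickets"].append(e["service"])
    return out

if __name__ == "__main__":
    print(summarize(parse(PAGE_LOG)))
```

Run over the lines quoted in the post, the summary shows an issued TGT and an empty `service_tickets` list, since the excerpt contains only AS_REQ entries.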