riot.projects

riot.projects is the tumblelog of Aubrey Holland. You can find me on twitter at @riotpolice
November 2

Setting up Kerberos on Snow Leopard

For some inexplicable reason, the Kerberos tools have been pretty much completely removed in Snow Leopard, in favor of a simple “Ticket Viewer” app that manages tickets but doesn’t help at all with the Kerberos setup. If you don’t have an existing kerberos setup, your only option in the ticket viewer will be “Add Identity” and it will give you this excellent error message when you try to use it: 

Configuration file does not specify default realm
Because they have removed the setup tools, you now need to configure Kerberos yourself by editing the /etc/krb5.conf to add the default domain and configure the various servers. Here’s an example of the config file that we use on our servers: 
[libdefaults]
default_realm = AOL.COM


[realms]
AOL.COM = {
kdc = server1
admin_server = admin_server
default_domain = AOL.COM
}
Replace AOL.COM with your realm, replace the various servers with the IP addresses that apply to your setup and add any more kdc servers you need and you should be good to go.

Comments (View)
blog comments powered by Disqus