Kerberos tickets at login time on Mac OS X

By Larry Grey • July 24, 2011

We added support for Kerberos authentication in our Desktop Single Signon for PeopleSoft product awhile ago. One of the nice things about Kerberos is that it has good cross platform support. Microsoft Windows has supported Kerberos for quite some time, Mac OS X supports it, Linux supports it. 

The Windows implementation has always the nice property of automatically obtaining the Kerberos Ticket Granting Ticket (TGT) at login time, which means that when someone running Windows hits a Kerberos protected website, the browser can respond automatically. 

Apple has posted information about how you can configure OS X 10.6 to obtain a TGT when logging on to Active Directory. I presume this applies to OS X 10.7 Lion as well, but haven’t confirmed that yet though (there are changes in the Kerberos implementation in Lion though; single DES tickets no longer work unless you specifically indicate that you’re OK with using weak crypto).

Labels: Kerberos,tickets,login,Mac,OS,X

Stay Updated

Request a Demo