No edit summary |
|||
| Line 3: | Line 3: | ||
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022 | # On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022 | ||
# Ensure /etc/krb5.conf file has the correct contents | # Ensure /etc/krb5.conf file has the correct contents | ||
# Download the ca.crt from the debian-delftsolutions-auth repository and place it in /etc/ipa/ca.crt | |||
# As your normal user, create the certificates folder: mkdir ~/Library/IPA; chmod 700 ~/Library/IPA | |||
# Create a certificate request, entering your username for the Common Name and a single dot for the other fields: openssl req -newkey rsa:4096 -nodes -keyout ~/Library/IPA/laptop.key -out ~/Library/IPA/laptop.csr | |||
# Go to your user in IPA | |||
# Click on Actions > New Certificate | |||
# CA = ipa | |||
# Profile ID = KDCs_PKINIT_Certs | |||
# Paste the contents of this command into the big textfield: cat ~/Library/IPA/laptop.csr | |||
# Request the certificate | |||
# Store the resulting certificate in ~/Library/IPA/laptop.crt | |||
== krb5.conf == | == krb5.conf == | ||
| Line 22: | Line 31: | ||
DELFTSOLUTIONS.NL = { | DELFTSOLUTIONS.NL = { | ||
default_domain = delftsolutions.nl | default_domain = delftsolutions.nl | ||
pkinit_identity = FILE:/etc/ipa/ | pkinit_identity = FILE:/etc/ipa/pkinit.crt,/etc/ipa/pkinit.key | ||
} | } | ||