Enroll Mac in Kerberos: Difference between revisions

Enroll Mac in Kerberos (view source)

66 bytes added , 21 January

no edit summary

167

edits

@@ Line 1: / Line 1: @@
+This will make your laptop automatically log you in to IPA. Only do this on machines that are exclusively used by you!
 # Create host on IPA
 # Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";
 # On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022
-# Ensure /etc/krb5.conf file has the correct contents
+# Ensure /etc/krb5.conf file has the correct contents. Make sure to replace <username> with your actual username!
 # Download the ca.crt from the debian-delftsolutions-auth repository and place it in /etc/ipa/ca.crt
 # As your normal user, create the certificates folder: mkdir ~/Library/IPA; chmod 700 ~/Library/IPA
@@ Line 9: / Line 11: @@
 # Click on Actions > New Certificate
 # CA = ipa
-# Profile ID = KDCs_PKINIT_Certs
+# Profile ID = caIPAserviceCert
 # Paste the contents of this command into the big textfield: cat ~/Library/IPA/laptop.csr
 # Request the certificate
@@ Line 31: / Line 33: @@
      DELFTSOLUTIONS.NL = {
          default_domain = delftsolutions.nl
-        pkinit_identity = FILE:/Users/<username>/Library/IPA/laptop.crt,/Users/<username>/Library/IPA/laptop.key
      }