167
edits
Enroll Mac in Kerberos: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
This will make your laptop automatically log you in to IPA. Only do this on machines that are exclusively used by you! | This will make your laptop automatically log you in to IPA. Only do this on machines that are exclusively used by you! | ||
# Set bash as your default shell: [[New_Mac_Setup#Use_Bash_as_Shell]] | |||
# Create host on IPA | # Create host on IPA | ||
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE"; | # Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE"; | ||
| Line 16: | Line 17: | ||
# Store the resulting certificate in ~/Library/IPA/user.crt | # Store the resulting certificate in ~/Library/IPA/user.crt | ||
# Add the following lines to your ~/.bash_profile. Make sure to replace <mac_username> with your Mac username and <ipa_username> with your IPA username! | # Add the following lines to your ~/.bash_profile. Make sure to replace <mac_username> with your Mac username and <ipa_username> with your IPA username! | ||
## alias ds_pkinit="kinit -C FILE:/Users/<mac_username>/Library/IPA/user.crt,/Users/<mac_username>/Library/IPA/user.key --keychain <ipa_username>" | ## alias ds_pkinit="/usr/bin/kinit -C FILE:/Users/<mac_username>/Library/IPA/user.crt,/Users/<mac_username>/Library/IPA/user.key --keychain <ipa_username>" | ||
## ds_pkinit & disown | ## ds_pkinit & disown | ||