[slavkom]

heh..well that explains it! I prefer to use the terminal for ftp…I just figured it would work like ssh does. As frustrating as this whole experience has been..I now have a clearer understanding of how this whole kerberos thing works and I certainly have learned how to build a KDC on OSX Server! BTW…love the look of the new site.

Mike

[slavkom]

Ok we have made progress! I can now get ftp tickets useing Fetch! I have installed the Mac_OS_X_Kerberos_Extras package on my clients and it works! However, I am still unable to use the terminal to use kerberos to ftp. to the server even after I was issues a valid ticket, it does however work useing ssh or slogin.

I’ve been living this issue for a week and I’m sick of it. I’m sure there is a way to get this to work but I lack the skill at this time to know what to do to fix it.

It could be a bug. 😯

[slavkom]

Joel,

Fetch seems to be the only “Kerberosized” FTP app as far as I can tell…I’ve tried: Fetch, Cpt. FTP, Transmit and the terminal, none of these work. After spending time at the MIT Kerberos site and reading the Apple Manuals
( which are pretty much useless) it looks like the sso_util is the tool I’m looking for.

Mastering any command line applications has always been a struggle for me but I’m determined to learn this! I do have a few question…

What is the “dir_node_path” What is the “record_name”

ie.

Commands for sso__util :

info [-p] [-g | -r dir_node_path | -s [-R record_name] [-a]
[dir_node_path]]
Returns information about the current Single Sign On environment

I’ve also been poking around in the inetd.conf file and services file in /etc for answers. In the Apple manual, it says if you’re trouble shooting kerberos issues to check the kdc.log it doesn’t seem to exist on my server. where is this file? Thanks for your reply Joel!

Mike[/i][/b]

[slavkom]

To try and reslove this issue, I trashed my KDC and started from scratch. I wasn’t sure it was setup correctly, So…after all that…I still can’t get FTP to use kerberos for logins 😯

Is this a known issue? useing Joel’s instructions I can view my keytab with

klist -kt

they’re all there…

How do I add services to the principal? I think this is the problem…

I’ll continue to try and figure this out.

[slavkom]

After a few failed attempts and alot of reading…everything now works great! Thanks for pointing me in the right direction!!

Mike
8)

[slavkom]

Yes..my server is hosting my internal DNS and it does work great. I know(from experience) what a pain changing the servers IP address is…so I just figured changing DNS info would be equaly painful, especially the LDAP configuration. If I do add another zone to my current DNS to reflect the new internet domain, will there be a conflict with different domain names pointing to the same IP addresses?

Sorry if these are simple question…but I’m still learning 😀

Thanks for the reply Joel!!

Mike

[slavkom]

Well after reviewing the guide…I got it to work! but I’m sure I’ll have a ton more questions…. 8)

[Author]

Posts