Integrate kerberos and Keychain

mac kerberos

kinit on Mac OS X now (since 10.9, possibly earlier) has built-in support for saving the password to the keychain via the --keychain argument, accomplishing the same thing as paul's answer.

Authenticate using kinit --keychain; the password will be saved upon successful authentication:

kinit --keychain
# or
kinit --keychain [email protected]

Subsequent kinit invocations (which don't require the --keychain argument) will automatically get the saved password from your keychain instead of prompting you to enter it.


Actually it is possible. Let us say you have an account "bob" on the realm "MY.REAL.COM" with password "mypasswd". Then in a Terminal type on one single line

security add-generic-password -a "bob" -l "MY.REAL.COM (bob)" -s "MY.REALM.COM" -w "mypasswd" -c "aapl" -T "/usr/bin/kinit"

This will create an item in your default Keychain named "MY.REALM.COM (bob)" with your Kerberos credentials and kinit it will be authorized to access it. You can add as many -T "/fulpath/program" switches as you want, each will give access to the specific program to use your kerberos credentials. For example -T "/Applications/Mail.app/Contents/MacOS/Mail" will add access for Mail.app.

More details with man security.

After that kinit [email protected] will not prompt you for a password but will get it from the keychain.

Related

Why does the text `fi` get cut when I copy from a PDF or print a document?
In windows, can I redirect stdout to a (named) pipe in command line?
What does xfce4 power-manager do in "presentation mode"?
Is there a difference between 8-pin EPS12V and PCI-E connectors?
Getting IP address of a direct-connected computer
How to know what is causing a cursor lag on Mac?
How to download a file from the command line? via ssh?
How to align columns in output from a UNIX command?
How can I create multipart tar file in Linux?
Why is there usually a folder called 1033 in Microsoft Folders
Can mobs spawn on slabs?
Where can I find Blood Stone Chunks?