Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

In Mac OS X, how do I authenticate against IU's Kerberos realm?

Note: Mac systems bound to the Active Directory at Indiana University do not need the Kerberos configuration found here. For detailed information on Mac systems in multiuser environments, local support providers (LSPs) can contact IT Professional Services and Support.

To authenticate against IU's Kerberos realm in Mac OS X, follow the appropriate instructions below.

Mac OS X 10.7 (Lion)

  1. In the Applications folder, open the Utilities folder. Then, open Keychain Access.

  2. From the Keychain Access menu, select Ticket Viewer.

  3. Click Add Identity. Enter  username@ADS.IU.EDU , replacing username with your Network ID username.

    Note: ADS.IU.EDU must be in all capital letters.

  4. Enter your Network ID passphrase.

  5. Click Continue to get your initial Kerberos ticket.

  6. To make this your default Kerberos identity, click Set as Default.

Older versions of Mac OS X

  1. The easiest way to configure older versions of Mac OS X to authenticate against Indiana University's Kerberos realm (ADS.IU.EDU) is to install the IU Kerberos Assistant. Download IU Kerberos Assistant from IUware.

    Note: The Kerberos Assistant will install the edu.mit.Kerberos file in the user domain (~/Library/Preferences/), not the local domain (/Library/Preferences/) as in the instructions below. Installing the file in the local domain makes it available to all users on the computer.

    Alternately, to configure your settings manually:

    1. Obtain the Indiana University krb5.conf file.
    2. Rename the krb5.conf file to edu.mit.Kerberos and place it in the following directory: /Library/Preferences/

      If you already have an edu.mit.Kerberos file, you may already be able to use Kerberos authentication.

    3. Navigate to the directory /System/Library/CoreServices/. In Mac OS X 10.6, find the Ticket Viewer application; in Mac OS X 10.5 or 10.4, find the Kerberos application. Drag the application icon to the Dock for easy access.

      Note: In Mac OS X 10.5 and 10.6, you can access the application from the Keychain Access application in /Application/Utilities/. In the Keychain Access menu, select Ticket Viewer (10.6) or Kerberos (10.5).

  2. Open the Kerberos application and do the following:

    1. In Mac OS X 10.6, select Get Ticket. In Mac OS X 10.5 and 10.4, in the application window, click New.
    2. In the "Name:" field, enter your IU Network ID username.
    3. Make sure the Realm is set to ADS.IU.EDU .
    4. Enter your IU Network ID passphrase and click OK. A Kerberos ticket should appear in the Kerberos application window.

  3. Try to connect to a Windows share or other Kerberos-enabled resource. You should not need to re-enter your Network ID to make the connection.

Note: Kerberos authentication only works while on the IU network. When you are not on the IU network, you will need to use VPN.

This is document atse in domain all.
Last modified on November 16, 2011.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.