Hello Everyone,

Perhaps it is widely known already, but I just wanted to share a process that I 
have worked out to get a Kerberos ticket and an AFS token at login time on 
macOS. It seems to work fine for macOS Ventura and Monterey; I have not 
tested on other versions.

1) copy a valid krb5.conf file for your realm to /etc/krb5.conf

2) install the Auristor client which is found here:
https://www.auristor.com/openafs/client-installer/.

3) Make sure to allow the Auristor system extension in the security and privacy settings. 
This will require a reboot of the system.  For all of the systems I have tried it on, you 
will see a message with something like "rebuilding the extension cache".

4) After the reboot make sure that you can successfully kinit and get a ticket, 
followed by aklog to get a token.

5) create a user (I always make it an admin) with the same name as your 
Kerberos principal.

6) log into the machine and issue kinit --keychain principal_name. This 
stores your password in the keychain; after this, you will get your ticket at 
login time.

7) in the Auristor preferences, check the boxes:
        Use aklog
        Get credential at login time.

8) reboot the computer.  Upon login I get prompted for my username and password 
twice usually.  My cell takes FOREVER to log in for some reason, but after 
aklog completes in the background, I have a token and can access volumes in the 
cell.

There is a program in the app store called 'kerberos ticket autorenewal'.  I 
have installed it but haven't confirmed its operation.

Thanks,
Richard
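
Every later step (kinit, the keychain-backed login in step 6, aklog) trusts whatever realm and KDC /etc/krb5.conf names, so it is worth checking the file from step 1 before rebooting. The following is an added example, not part of the original post; the function names are hypothetical, and it only handles the plain one-setting-per-line layout and does not follow include directives.

```shell
#!/bin/sh
# Added example: sanity-check the krb5.conf from step 1 before relying on
# kinit --keychain and aklog at login. Function names are hypothetical.

# Print default_realm from the [libdefaults] section of file $1.
krb5_default_realm() {
    awk '
        /^[ \t]*\[/ { sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next }
        sect == "libdefaults" && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); print; exit
        }' "$1"
}

# Succeed if realm $2 has an entry in the [realms] section of file $1.
krb5_realm_defined() {
    awk -v realm="$2" '
        /^[ \t]*\[/ { sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next }
        sect == "realms" && index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", name)
            if (name == realm) { found = 1; exit }
        }
        END { exit !found }' "$1"
}

# Print the default realm and return 0 when the file passes every check.
# Return codes: 1 unreadable, 2 no default_realm, 3 no [realms] entry,
# 4 writable by other users.
check_krb5_conf() {
    f=$1
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    # Anyone who can edit this file can point logins at a different KDC.
    [ -z "$(find "$f" -perm -002)" ] || { echo "world-writable: $f" >&2; return 4; }
    realm=$(krb5_default_realm "$f")
    [ -n "$realm" ] || { echo "no default_realm in [libdefaults]" >&2; return 2; }
    # Without a [realms] entry the client must find KDCs another way (e.g. DNS).
    krb5_realm_defined "$f" "$realm" ||
        { echo "no [realms] entry for $realm" >&2; return 3; }
    echo "$realm"
}

# Usage: sh check_krb5.sh /etc/krb5.conf
if [ $# -gt 0 ]; then check_krb5_conf "$1"; fi
```

A return code of 3 is a warning rather than a hard failure if your site publishes its KDCs in DNS.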