Hi Ken,
You asked:
>Does anyone know why invoking BetterTelnet and checking the
>Authentication box will not bring up a prompt for a Kerberos logon?
>If anyone has been able to get this to work, I'd really appreciate
>having your version numbers of your Telnet application, the Telnet
>Kerberos Plugin, and the Mac OS you're running. And, of course, if
>you've had a similar experience, how you solved it. Thanks!
Here's my understanding of one configuration that should work.
(Others with experience with using Kerberos under the Mac OS are
hereby encouraged to join this discussion.)
Three components which are needed to use the freeware Telnet client
for the Mac OS, BetterTelnet, with MIT's latest version of its
Kerberos core software for the Mac OS, are:
- The core Kerberos software itself: MIT Kerberos for Macintosh (KfM) 3.0
A local installer is available at:
http://mac.berkeley.edu/othersoftware/calnetkerberos/index.html
- The BetterTelnet 2.0fc1 application program
A local installer is available at:
http://mac.berkeley.edu/internetsoftware/bettertelnet/index.html
- Chas Williams' Kerberos V5 plug-in for MIT Kerberos for Macintosh 3.0
This is available as the file "Telnet_Plugin.bin" from:
ftp://ftp.cmf.nrl.navy.mil/pub/chas/MIT_Kerberos_3.0/
This plug-in file needs to be added to the folder containing the
BetterTelnet application.
In addition, if your Kerberos user principal name (aka CalNet
Kerberos ID) is not identical to the account username on a host to
which you'll be connecting, you'll also need to:
- Download and run Chas Williams' modified version of BetterTelnet 2.0fc1
This modified version of BetterTelnet offers a Username: field
in the "Open Connection..." dialog, and passes this account
username, if any, to the Telnet server via a Telnet environment
variable.
It's available as the file "BetterTelnet 2.0fc1 (ppc).bin" from:
ftp://ftp.cmf.nrl.navy.mil/pub/chas/MIT_Kerberos_3.0/
- Create (if necessary) and edit the file ".k5login" file in your
home directory (if this is a Unix host).
This file can contain one or more fully-qualified Kerberos
user principals (including realms), one per line. When you
authenticate using one of these principals, you are then
permitted to Telnet to this host with the privileges
associated with your account.
For instance, if your Kerberos user principal in the BERKELEY.EDU
realm happened to be "010111111" (a hypothetical staff ID), and
your username on a particular host was (hypothetically) kenwahl,
you would thus need to add:
to the ~kenwahl/.k5login file on this host.
At least several of the popular Kerberos-enabled programs for the
Mac OS we've worked with, including BetterTelnet, should
automatically "bring up a prompt for a Kerberos logon," as you
mentioned.
If you attempt to connect to a Kerberos-enabled service at a time
when you're not "logged into Kerberos" (i.e. when you don't currently
have a Kerberos ticket-granting ticket in your Kerberos credentials
cache), these programs will automatically display a "Kerberos Login"
window, prompting you for your Kerberos principal name (aka your
CalNet Kerberos ID) and passphrase.
If you are not seeing this window appear, even when using the
combination of MIT's KfM 3.0 core software, BetterTelnet, and Chas
Williams' K5 plug-in for BetterTelnet listed above, please contact me
directly; I'll be glad to look into this further with you.
Aron Roberts
Workstation Software Support Group
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <URL:http://mac.berkeley.edu/help/magnet/>.
This archive was generated by hypermail 2b29 : Thu Sep 21 2000 - 15:43:06 PDT