Macintosh Development |
[Home]
[About Us]
[People]
[Information Systems]
[Kerberos for Macintosh]
[Applications]
[Miscellaneous Documentation]
Kerberos for Macintosh Product Overview |
Kerberos for Macintosh (KfM) is the reference implementation of the Kerberos authentication system for Mac OS X. KfM provides support for both Kerberos protocol versions, all the major Kerberos APIs and wraps it all into a simple Macintosh package with support for Mac OS X, as well as legacy support for Mac OS 8 & 9 and the Classic environment under Mac OS X.
Under the hood, Kerberos for Macintosh provides Kerberos v5 and Kerberos v4 protocols, GSSAPI, an in-memory ticket cache, KClient compatibility and a graphical Login interface and accompanying API for acquiring Kerberos tickets.
The current release of Kerberos for Macintosh for Mac OS X 10.3 (Panther) is 5.0, included with Mac OS X 10.3.x.
The last release of Kerberos for Macintosh for Mac OS X 10.2 (Jaguar) was 4.5.1, included with Mac OS X 10.2.x.
The Mac OS X Kerberos Extras for 10.2 and 10.3 are available from MIT.The last release of Kerberos for Macintosh supporting Mac OS X 10.1 was 4.0.3.
The last release of Kerberos for Macintosh supporting Mac OS 8 & 9 and the Classic environment of Mac OS X was version 4.0.3.Click here for New Features and Changes in Kerberos for Macintosh 5.0.
Key Features of Kerberos for Macintosh 5.0
General
- Native Mac OS X-only implementation of KfM Kerberos libraries provided as a framework
- Support for Unix applications via /usr/lib
- CFM bridge libraries provide support to Carbon CFM applications (only available in Mac OS X Kerberos Extras)
- Support for Kerberos during remote connections
- Basic command-line tools: kinit, kdestroy, klist, kpasswd, kswitch
- Standard MIT KDC and related daemons ships with both Mac OS X Server and client
- kadmin, ktutil tools included
- Mach-O Kerberos management application with dynamic dock icon and pop-up menu for common Kerberos functions
- KfM under Classic shares its ticket cache with the OS X ticket cache
Kerberos Application
- Native Mach-O version for Mac OS X
- User tool for acquiring, renewing and deleting both v4 and v5 tickets
- Allows multiple credentials including credentials from different realms
- Allows user to change the active credential
- Principals with both v4 and v5 tickets viewed as a single user
- Can auto-renew renewable tickets
- Configures defaults for Kerberos Login dialog
- Configures realms presented in Kerberos Login dialog
- Allows user to change their Kerberos password
- Information window for displaying the details of individual tickets
- Expanded Preferences dialog for changing extra UI elements and ticket lifetimes
- Dock icon provides indication of ticket status and remaining lifetime
- Pop-up menu from dock icon provides convenient acquisition, deletion and renewal of tickets, and allows easy switching between active users
Kerberos v5 and GSS Support
- Includes the Kerberos v5 1.3.1 release and features
- Credentials stored in memory
- Integration with Kerberos Login to present login dialog automatically
- Supports 3DES
- krb524 support
- Provides support for hardware preauthentication
- Support for DNS lookups of KDC
Kerberos v4 and KClient Support
- KClient 3.0 API maintains compatibility with existing KClient applications
- KClient 3.0 API includes compatibility and revised developer libraries as part of the Kerberos framework
- Kerberos v4 implementation now based on MIT's core v4 compatibility library
- Credentials stored in memory
Kerberos Login Dialog
- Provides a single UI for acquiring v4, v5 and simultaneous v4 and v5 tickets
- Allows selection of realm per login, and entry of DNS realms
- Allows change in length of credential life per login
- Allows selection of Kerberos v5 ticket flags per login
- Kerberos applications running in Classic present the OS X Kerberos Login dialog for better integration
Minimum System Requirements for Kerberos for Macintosh 5.0
- A PowerPC Macintosh
- Mac OS X 10.3 or later (included with operating system)
Useful Webpages
- Kerberos for Macintosh FAQs
- Mac OS X Kerberos Extras
- Kerberos for Macintosh Documentation - information on using the KfM components and their features.
Questions or comments? Send mail to macdev@mit.edu
Last updated on $Date: 2003/11/18 21:07:44 $
Last modified by $Author: smcguire $