Many of us have Stanford Desktop Tools on our machine, or at least have a proper edu.mit.Kerberos file (aka krb5.conf) so that we can use Kerberos authentication for email programs like Mail.app or Eudora, web browsers like Safari with HTTP Negotiate, and other single sign-on services like filesharing. But out-of-the-box, we're faced with double-authentication scenarios, where we first log into our Mac, then we face a Kerberos dialogue box (where we enter our SUNet ID and password). Wouldn't it be nice to get our Kerberos credentials at the same time we log in?
This can be done, but it requires a little Mac kung-fu. If you follow these steps, you will not need to re-authenticate to a supplemental Kerberos dialogue box, provided your Mac's login name and password is the same as your SUNet ID and SUNet password. If your account name on your computer is something else (like "johnny" when your SUNet ID is "jdoe") it won't work.
Warning: you can really shoot yourself in the foot if you do this incorrectly. First, make a copy of the XML file /etc/authorization. Fire up the Terminal application and type:
Next, let's begin editing the original.
sudo cp /etc/authorization /etc/authorization.orig
Still in the Terminal, use your favorite text editor and search for the
<key>system.login.console</key> line and find the
<key>mechanisms</key> entry. There's an array that follows this key.
If you are using Mac OS X 10.4 (Tiger):
If you are using Mac OS X 10.5 (Leopard):
That should be it—when you next log into your computer, you'll have your Kerberos credentials (again, only if you have a valid /Library/Preferences/edu.mit.Kerberos file and your using your SUNet ID and password to log into your Mac).
If you fat-finger your /etc/authorization file and can't log into your Mac, start up in single user mode. By default, your hard drive is read-only. Type
mount -uw / to make your startup volume read/writable.
Next, replace your /etc/authorization with your original file. Type
cp /etc/authorization.orig /etc/authorization
shutdown -r nowto reboot.