Kerberos

RSS for tag

Use the Heimdal implementation of Kerberos for secure authentication on Apple devices.

Posts under Kerberos tag

3 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

kerberos without SSO on ios
Hello, at our school we are using a kerberos proxy. Now we will introduce ipads. In my tests I have set this proxy in wifi settings. On next internet connection I was asked for my account credentials. After that I had full access to internet with ALL apps. Obviously ios has set up a network relay which handles the kerberos authentication for the while device. I have searched for documentation on this topic, but you will find only docs for kerberos with SSO and per app tickets. Do someone has hints for this? Especially where are the password for the kerberos authentication stored on the ipad - it is not the same as in the wifi proxy settings! With regards, Helge
0
0
192
2w
iMessage content on iPhone displayed on SSH Bitvise Client on the Windows Laptop !
If "send and receive" on imessages has my Microsoft work email address, can my imessage content be synched with Microsoft ? Because I recently logged into our big data system through SSH client using my work email address, on a Console I saw one of my imessage thread printed. I reached Microsoft and their reply was to get advise reaching out to Apple support as their knowledge of iMessage is limited. Based on general knowledge about data protection the messages are most likely not synced unless there is a setting that you can allow from my side. PLEASE HELP ! This is a Mystery !!
1
0
540
Jun ’24
Unable to use custom PAM with /etc/pam.d/authorization
I created a custom PAM module following this and It works fine with etc/pam.d/sudo but doesn't work with etc/pam.d/authorization and etc/pam.d/login. sudo # sudo: auth account password session auth include sudo_local auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so auth sufficient pam_smartcard.so auth required pam_opendirectory.so account required pam_permit.so password required pam_deny.so session required pam_permit.so authorization # authorization: auth account auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so auth optional pam_krb5.so use_first_pass use_kcminit no_auth_ccache auth optional pam_ntlm.so use_first_pass auth sufficient pam_smartcard.so use_first_pass account required pam_opendirectory.so Is it even allowed to add a custom PAM to \etc\pam.d\login or etc\pam.d\authorization ? Is it possible to create a mechanism with custom logic and replace it with<string>builtin:authenticate,privileged</string> in system.login.console authorization right ? Note: I have also tried moving the .so file to /usr/lib/pam but it failed even after disabling SIP.
0
0
574
May ’24