Hello,
at our school we are using a kerberos proxy. Now we will introduce ipads. In my tests I have set this proxy in wifi settings. On next internet connection I was asked for my account credentials. After that I had full access to internet with ALL apps.
Obviously ios has set up a network relay which handles the kerberos authentication for the while device.
I have searched for documentation on this topic, but you will find only docs for kerberos with SSO and per app tickets.
Do someone has hints for this? Especially where are the password for the kerberos authentication stored on the ipad - it is not the same as in the wifi proxy settings!
With regards,
Helge
Kerberos
RSS for tagUse the Heimdal implementation of Kerberos for secure authentication on Apple devices.
Posts under Kerberos tag
3 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
If "send and receive" on imessages has my Microsoft work email address, can my imessage content be synched with Microsoft ?
Because I recently logged into our big data system through SSH client using my work email address, on a Console I saw one of my imessage thread printed.
I reached Microsoft and their reply was to get advise reaching out to Apple support as their knowledge of iMessage is limited. Based on general knowledge about data protection the messages are most likely not synced unless there is a setting that you can allow from my side.
PLEASE HELP ! This is a Mystery !!
I created a custom PAM module following this and It works fine with etc/pam.d/sudo but doesn't work with etc/pam.d/authorization and etc/pam.d/login.
sudo
# sudo: auth account password session
auth include sudo_local
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth sufficient pam_smartcard.so
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
authorization
# authorization: auth account
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth optional pam_krb5.so use_first_pass use_kcminit no_auth_ccache
auth optional pam_ntlm.so use_first_pass
auth sufficient pam_smartcard.so use_first_pass
account required pam_opendirectory.so
Is it even allowed to add a custom PAM to \etc\pam.d\login or etc\pam.d\authorization ?
Is it possible to create a mechanism with custom logic and replace it with<string>builtin:authenticate,privileged</string> in system.login.console authorization right ?
Note: I have also tried moving the .so file to /usr/lib/pam but it failed even after disabling SIP.