Access Keys:
Skip to content (Access Key - 0)

Acquiring Kerberos Tickets in Mac OS X 10.7 (Lion) or OS X 10.8 (Mountain Lion)

Primer

  • Apple is no longer using MIT Kerberos in OS X Lion (10.7) or OS X Mountain Lion (10.8). Instead, it is using a version of Kerberos called Heimdal.
  • Much of the logic used to acquire tickets in 10.5 and 10.6 has been removed, thus the process to get Kerberos tickets has changed in 10.7 and later.
  • This new procedure will allow users to get Kerberos tickets from MIT's servers and use Kerberos-based applications (such as SAPgui).
  • OS X Lion and Mountain Lion will not automatically prompt users to acquire Kerberos tickets; Apple has removed this functionality.

Instructions

  1. Download and install Kerberos Extras for Mac.
    Note: Kerberos Extras has been updated to add compatibility for Lion and Mountain Lion. If your instance of Kerberos Extras was installed before October 1, 2011, please install Kerberos Extras again.


  2. Launch Ticket Viewer.app.
    Note: Kerberos Extras will place a shortcut for Ticket View.app in the Dock. If the shortcut has been removed, navigate to /Applications/Utilities and launch the application from there.
    Utilities

  3. From the Ticket Viewer window, select the button labeled Add Identity.
    Ticket Viewer

  4. Enter your Kerberos username and password when prompted and press the button labeled Continue.

    Optional: You can select the checkbox for Remember password in my keychain if you would rather skip this step in the future.
    Name and Password fields

  5. You will now have a valid Ticket Granting Ticket (TGT) listed in Ticket Viewer.
    Ticket Viewer with TGT

  6. You will now be able to run Kerberos-based applications (SAPgui, etc).
  7. To destroy Kerberos tickets after a session, simply launch Ticket View.app, select the tickets to be deleted by clicking the x, and then select Remove Identity.
Note: The Kerberos ticket listed in Ticket Viewer has an expiration date. After this date and time (or if a user logs out/shuts down the computer), a new Kerberos ticket must be acquired to use Kerberos-based applications. Mac OS X will not automatically prompt users to acquire Kerberos tickets; Apple has removed this logic from Mac OS X 10.7 and later.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

January 03, 2014

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
kerberos kerberos Delete
extras extras Delete
mac mac Delete
tickets tickets Delete
ticket ticket Delete
vewier vewier Delete
lion lion Delete
apple apple Delete
os os Delete
x x Delete
authentication authentication Delete
sapgui sapgui Delete
fetch fetch Delete
c-kerberos-mac c-kerberos-mac Delete
mountain mountain Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki