Save kerberos password in keychain for use with kinit on MacOS (was OS X) for use with network drives

I work for a company that uses and Active Directory domain for the internal network. Therefore, kerberos authentication is supported. MacOS also supports kerberos authentication, so I can replicate most of the single sign-on experience on my Mac. I wrote a simple shell script to get a kerberos ticket-granting ticket and mount the network drives:

#!/bin/bash
# get the local IP address
theIP=`/sbin/ifconfig | /usr/bin/grep "inet 10" | /usr/bin/grep -v inet6 | /usr/bin/cut -d" " -f2 | /usr/bin/cut -d. -f1`
# if IP address starts with 10 then I am probably on work's internal network
if [ $theIP -eq 10 ]; then
 /usr/bin/kinit -f  --enterprise --canonicalize username@company.com@COMPANY.COM
 /usr/bin/open 'smb://server.company.com/share'
fi

To make this script really useful, I save my password securely in MacOS's keychain so that kinit can grab it automatically. I use the following command in the terminal:
  

security add-generic-password -a "username@company.com" -l "COMPANY.COM (USERNAME)" -s "COMPANY.COM" -c "aapl" -T "/usr/bin/kinit"

After I create the keychain entry, I open the Keychain Access application and find the newly created entry so I can add the actual password.  I just double-click on the new entry.
In order to make it work properly, I add a backslash before the @ sign in the account name.  I also click the Show password checkbox, authenticate, and type my password in the box at the bottom of this window.
Then I click on the Access Control tab and grant access to Terminal so I can test the script.  Of course, I click Save Changes before closing the window.

That is it! Now the script can run without any intervention on my part. If I change my company password, I have to come in here to Keychain Access, click on show password, authenticate, and then change the password to the new one.

Comments

Post a Comment

Popular posts from this blog

Work standing up

Image
For heath and productivity reasons, I like to work standing up. My employer is rather slow at providing such accommodations, so I using the following setup made from printer paper: Then, someone raised a concern that in a minor earthquake, the monitor might fall onto my neighbor or out the window and requested I take down my setup. So I did, but then I found a solution to that problem by moving it over a bit on my desk.
Read more

Recording the iPhone screen and Mac screen at the same time in one video

Image
 I was browsing the Mac Power Users forum when I ran across this question : "I’m trying to figure out a way to record a demo of my web-based software simultaneously recording a desktop view and a mobile view. I basically want to use and interact with one browser window and have another browser window showing the same thing but with a mobile view. Thoughts?" I use QuickTime Player.  Connect your iPhone/iPad to your Mac with a lightning cable and start a New Movie Recording.  Pick your iPhone/iPad screen as the video source by clicking the little drop down arrow next to the red recording button.   You will get a window showing the contents of your device's screen.  There is no need to actually start recording this video. Leave that window open and start a New Screen Recording in QuickTime player at the same time.  Then just arrange your iPhone window and browser window on your screen and start recording.  You will see both things at the same time. ...
Read more

iChat IRC transport with OpenFire and Kraken

Long have I wanted the all-in-one functionality of Adium with the AV chat capabilities of iChat. I really wanted to use iChat for all my messaging needs. I have finally achieved my goal using Openfire , a free XMPP server, and the Kraken plug-in that provides the tranports for other instant messaging services. In my case, I am interested specifically in IRC, but I got my little-used MSN account working also for test purposes. Kraken provides many different tranports. I should clarify my goal a bit. I only care about AV capabilities for protocols that iChat officially supports so I have not tested anything beyond text chatting with MSN. I only use IRC for text chat anyway, no DCC or file transfers. What do you need? You need to install the Openfire server and the Kraken plug-in. The Current versions when I did this were Openfire 3.6.4 and Kraken 1.1.3.beta2. Openfire had a binary download for OS X Snow Leopard, but I had to build Kraken from source. Click on this direct link ...
Read more