[3793] in Release_7.7_team


[Fwd: MacAthena]

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Apr 4 18:53:07 2003

From: Greg Hudson <ghudson@MIT.EDU>
To: release-team@mit.edu
Content-Type: multipart/mixed; boundary="=-HTpRvQJQEZ7r5HJE4Xm5"
Date: 04 Apr 2003 18:53:03 -0500
Message-Id: <1049500383.1616.6.camel@error-messages.mit.edu>
Mime-Version: 1.0


--=-HTpRvQJQEZ7r5HJE4Xm5
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

This looked like useful data in the realm of "what users would actually
want from a MacOS X Athena port," so I wanted to archive it somewhere
more appropriate than netbsd-dev, in case there is ever another push for
such a project.


--=-HTpRvQJQEZ7r5HJE4Xm5
Content-Disposition: inline
Content-Description: Forwarded message - MacAthena
Content-Type: message/rfc822

Return-Path: <dsk@MIT.EDU>
Received: from po12.mit.edu (po12.mit.edu [18.7.21.71]) by po12.mit.edu
	(Cyrus v2.1.5) with LMTP; Mon, 31 Mar 2003 20:57:25 -0500
X-Sieve: CMU Sieve 2.2
Received: from grand-central-station.mit.edu by po12.mit.edu (8.12.4/4.7)
	id h311vOhJ019697; Mon, 31 Mar 2003 20:57:24 -0500 (EST)
Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU
	[18.7.21.86]) by grand-central-station.mit.edu (8.12.4/8.9.2) with ESMTP id
	h311uQ49022839 for <netbsd-dev@mit.edu>; Mon, 31 Mar 2003 20:56:26 -0500
	(EST)
Received: from mit.edu
	(208-59-179-116.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com [208.59.179.116]) )
	by melbourne-city-street.mit.edu (8.12.4/8.12.4) with ESMTP id
	h311uQU8020588 for <netbsd-dev@mit.edu>; Mon, 31 Mar 2003 20:56:26 -0500
	(EST)
Date: Mon, 31 Mar 2003 20:56:25 -0500
Mime-Version: 1.0 (Apple Message framework v551)
Subject: MacAthena
From: Duncan Kincaid <dsk@MIT.EDU>
To: netbsd-dev@mit.edu
Content-Transfer-Encoding: 7bit
Message-Id: <2535620A-63E5-11D7-B3BF-000393101654@mit.edu>
X-Mailer: Apple Mail (2.551)
X-Spam-Score: -1.8
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang)
Content-Type: text/plain; charset=us-ascii; FORMAT=flowed

ladies and gentlemen,

there has been a lengthy thread on the macpartners list (a sampling
appears below) regarding 'athena-sizing' OS X. what many of us would
like is the sort of integration offered PCs in the WinAthena project.

have any of you been involved in any work along these lines?
anything to report?

many thanks for your kind attention
duncan kincaid
DUSP

(please feel free to forward msg to more suitable list, if there is one)

Begin forwarded message:

> From: Duncan Kincaid <dsk@MIT.EDU>
> Date: Mon Mar 31, 2003  6:43:51 PM US/Eastern
> To: Tim Boyden <trboyden@PLANT.MIT.EDU>
> Cc: macpartners@mit.edu
> Subject: Re: Help with kerberized logon and home drive mapping for Mac OS X 10.2
>
> tim
>
> i have been horsing with this concept as well, though haven't
> gotten past reading about technologies involved and a bit
> of scripting here and there. this is the holy grail
> as far as i am concerned.
>
> just last week i spoke with the winathena group and phil long of AC.
> i asked whether there was any work being done on exactly this problem
> for OS X.
> phil had said 'not really' and until someone asks, there won't be
> much in the way of resources devoted to it.' i said Course 11
> desperately wants it, as would Course 4. if you too are interested
> (and any other macpartners), then dammit, let's let phil long and the
> AC people know.
>
> i'd be surprised if the moira / AD / kerberos integration is a fraction
> as hard as it was for the winathena project. there is great Mac
> talent with marshall vale and team at MIT. i bet if given the task,
> they wouldn't disappoint.
>
> and we might even get some apple engineers to help out--particularly if
> there were some promise of macs making their way into athena
> clusters...
>
> best
> duncan kincaid
> DUSP
>
>
> On Monday, March 31, 2003, at 06:15 PM, Tim Boyden wrote:
>
>> Hi Mac Partners,
>>
>> I'm working on a side project and I'm hoping someone can help out with
>> technical information, instructions, or a can or can't do
>> acknowledgment.
>>
>> Basically what I want to be able to do is have a user walk up to a
>> Mac with OS X 10.2 and type their Athena username and password and be
>> able to log into the Mac complete with Kerberos tickets and their
>> Athena home drive mapping, preferably that is where their Mac OS X
>> user profile would be stored also.
>>
>> I've read various articles on how to accomplish this task via an LDAP
>> server or a Windows 2000 AD Domain at the macosxlabs.org website, but
>> so far I have only been able to accomplish having a user login with
>> their Athena username and password and gaining Kerberos tickets. I'm
>> stuck at having the user getting their home drive mapping mostly due
>> to not knowing enough technically about the Athena network structure.
>> I know I can have a logon script map the user home drive, however I do
>> not believe that would be enough to allow me to save the user's
>> profile there. Ideally the situation would be (similar to regular
>> Athena machines) that the logon would query the user's home drive
>> location from the Athena database which could be mapped (if I knew the
>> correct configuration settings) in the Mac OS X directory services
>> screen. Given that OS X and Athena are both UNIX based, I've got to
>> imagine that settings from one (Athena) can be used by the other (Mac
>> OS X) to accomplish the task or there is software that can be used or
>> ported to get a similar outcome.
>>
>> Obviously I don't want to get into trouble or get someone else in any
>> trouble messing around with settings and configurations by trial and
>> error, but if someone is in the know and can pass along relevant
>> information I would appreciate it and I'll make up some documentation
>> to share to the community. I know there are quite a few others who
>> would be interested in this information to make their OS X deployments
>> a lot easier given the large crowd at the recent NERCOMP meeting at
>> Brandeis University.
>>
>> Thanks for any help that anyone can provide,
>>
>> Tim Boyden
>> MIT Department of Facilities
>> Applications & Desktop Services Team
> Hi Mac Partners,
>
> I'm working on a side project and I'm hoping someone can help out with
> technical information, instructions, or a can or can't do
> acknowledgment.
>
> Basically what I want to be able to do is have a user walk up to a Mac
> with OS X 10.2 and type their Athena username and password and be able
> to log into the Mac complete with Kerberos tickets and their Athena
> home drive mapping, preferably that is where their Mac OS X user
> profile would be stored also.

Okay...so right now, you can get a couple of things...


1) You can get kerb tickets when you log in. Apple's kbase article 107154
tells you how to do this.
<http://docs.info.apple.com/article.html?artnum=107154>
I use the post login authentication methods.

2) you can get AFS tickets automatically at login via a kerb plugin that
I've been noodling with...NOTE: It's worked well for me over the last few
weeks. I make *absolutely* no claim as to stability or security, but I
haven't seen any major issues. It's in my locker, at:

<http://web.mit.edu/jwelch/www/files/aklog.loginLogout.sitx>

You need Stuffit Expander 7 for this archive. Un-stuff it on the mac, and
create a directory in /Library called Kerberos Plug-Ins. Place the
unstuffed file in /Library/Kerberos Plug-Ins/ and whenever you get Kerb
tickets, you'll get an AFS ticket as well.

3) If you go to <http://www.openafs.org/> you can download AFS for Mac OS
X. If you change your local userid to match your AFS userid, then you can
use AFS in the Finder. It ain't quick, but it works. If you change your
local UID, note that you're going to have to 're-own' your local home
directory and your files on any machine you do this on.

The real problem is the home directory issue. Right now, there's no real
tested procedural way to do this that I've seen, or that I would trust.
I'm noodling with some things, but i haven't had time to really get into
them. There's also the issues of dealing with mobile users, etc.

john

-- 
John C. Welch
Consultant III
Office Computing Practice (IS)
(617) 253 - 1368 work
(508) 579 - 7380 cell
bynkii2          AIM

>>
>


--=-HTpRvQJQEZ7r5HJE4Xm5--
