A lot of stuff regarding Kerberos is broken on Lion. Some say everything.
One thing that hit us soon after trying out Lion was that Chrome was not working with Kerberos anymore. We found the problem was with the "AuthServerWhitelist" parameter.
We could fix it for network users with a change in the OD:
- Access the opendirectory in the workgroup manager
- choose your main user group
- switching to "manage preferences" in the button bar
- going to the "Details" tab
- Press +
- choose Google Chrome
- Select "Always"
- click on "New Key"
- Enter "AuthServerWhilelist" and give it the string value "*.<yourdomain.com>".
- Apply, and your done.
It's more difficult for local users. There you need to access the local directory on the client.
You can do this in Lion with the building "Open Directory Utility" but it cumbersome.
I streamlined this by learning a bit of dscl:
sudo dscl . mcxset /Users/<USER> com.google.Chrome AuthServerWhitelist always '*.<yourdomain.com>'
Replace USER and YOURDOMAIN, enter into terminal. Done.
Keine Kommentare:
Kommentar veröffentlichen