Kerberos
Daniel Markstedt edited this page Jan 12, 2024 · 1 revision
Below are the basic steps needed for SSO with Active Directory.
First you must generate a Kerberos service principal for the Netatalk AFP server in AD. This is done with the CLI tool "ktpass" on Windows. The basic syntax is:
ktpass -princ afpserver/fqdn@REALM -mapuser mapuser@domain +rndPass -out afpserver.keytab
- fqdn: fully qualified domain name of your Netatalk server
- REALM: Kerberos realm name of the AD domain
- mapuser@domain: name of a new user whose password is set to never expire
Full example:
ktpass -princ afpserver/[email protected] -mapuser [email protected] +rndPass -out afpserver.keytab
- Copy the keytab to your Netatalk server and set the afp.conf 'k5 keytab' option to the path where you stored it.
- Enable the GSS UAM by adding uams_gss.so to 'uam list' in afp.conf (the module must have been compiled, of course).
Example:
[Global]
...
k5 keytab = /etc/krb5/afp.keytab
uam list = uams_dhx2.so uams_guest.so uams_gss.so
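A check worth running on the Netatalk server once the keytab has been copied over, given here as an added example that is not part of the original wiki page or of Netatalk itself: it reads the version 0x0502 keytab file format to confirm that the afpserver/fqdn@REALM principal is present, and that the file, which holds the service's long-term key, is accessible only by its owner. The host name nas.example.test, the realm EXAMPLE.TEST and the function names are assumptions, and the sample keytab is constructed with a dummy key.

```python
import os
import struct

# Constructed sample: one entry for afpserver/nas.example.test@EXAMPLE.TEST,
# kvno 3, enctype 18 (AES256), all-zero dummy key. Host and realm are made up.
SAMPLE = (b"\x05\x02\x00\x00\x00\x5e\x00\x02\x00\x0c" b"EXAMPLE.TEST" b"\x00\x09"
          b"afpserver" b"\x00\x10" b"nas.example.test" b"\x00\x00\x00\x01"
          + bytes(4) + b"\x03\x00\x12\x00\x20" + bytes(32) + b"\x00\x00\x00\x03")

def _counted(data, p):
    (n,) = struct.unpack_from(">H", data, p)      # 16-bit length prefix
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        p, pos = pos + 4, pos + 4 + abs(size)     # pos now points at next entry
        if size <= 0:                             # negative size = deleted entry
            continue
        (ncomp,) = struct.unpack_from(">H", data, p)
        realm, p = _counted(data, p + 2)
        parts = []
        for _ in range(ncomp):
            part, p = _counted(data, p)
            parts.append(part)
        kvno, enctype, keylen = struct.unpack_from(">BHH", data, p + 8)  # after name type + timestamp
        p += 13 + keylen
        if pos - p >= 4:                          # optional 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append(("/".join(parts) + "@" + realm, kvno, enctype))
    return entries

def check_keytab(path, principal):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if os.stat(path).st_mode & 0o077:
        problems.append("keytab is accessible by group or others")
    with open(path, "rb") as fh:
        found = [name for name, _, _ in parse_keytab(fh.read())]
    if principal not in found:
        problems.append(f"{principal} not in keytab, found {found}")
    return problems

if __name__ == "__main__":
    print(parse_keytab(SAMPLE))
```

On a real server, call check_keytab() with the path set in 'k5 keytab' and the principal that was passed to ktpass -princ.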