NAME
kkeerrbbeerroossaauuttooccoonnffiigg - Kerberos - Open Directory Single Sign On
SYNOPSIS
kkeerrbbeerroossaauuttooccoonnffiigg [-ff directorynode] [-oo outputdir]
[-rr realmname -mm masterkdc] [-uu] [-kk]
[-vv debuglevel]
DESCRIPTION
The kkeerrbbeerroossaauuttooccoonnffiigg command creates the edu.mit.Kerberos file frominformation stored in the open directory config record named Ker-
berosClient. The existing edu.mit.Kerberos file is only replaced if theautogenerated header is present and the generationid in the Ker-
berosClient config record is greater than that within the file. Thedefault location of the output file is /Library/Preferences/edu.mit.Ker-
beros. If the machine is standalone, this command will do nothing (unlessthe -u option is used) Defifintions
directorynode An open directory node path specifier. Such as /LDAPv3/127.0.0.1 outputdir The directory in which kkeerrbbeerroossaauuttooccoonnffiigg deposits the edu.mit.Kerberos file realmnameName of the Kerberos realm that will be the default when creat-
ing a file from scratch masterkdc Host name of the master KDC for the default realm when creating a file from scratch debuglevel Specifies the amount of debugging information printed to stdout, default is 1 Flags:-ff Tells kkeerrbbeerroossaauuttooccoonnffiigg to look in the specified open directory
node for the KerberosClient config record.-oo Specifies the directory in which kkeerrbbeerroossaauuttooccoonnffiigg will write
the new edu.mit.Kerberos file into-rr kkeerrbbeerroossaauuttooccoonnffiigg can create an edu.mit.Kerberos file from
information passed on the command line. Use the -r and -m flags
to specify the default realm and master KDC for that realm.-mm See above
-kk Adds the default Kerberos logging directives to the config file
(useful when setting up a kdc)-uu Forces an update of the file. Will overwrite an existing non-
autogenerated edu.mit.Kerberos file. Use with caution.-vv Specifies the amount of debugging information printed to stdout,
default is 1 FILES /Library/Preferences/edu.mit.Kerberos The main Kerberos config file (also known as krb5.conf on other systems)SEE ALSO
DirectoryService(1), Kerberos(1), kdcsetup(8), krb5.conf(5)BUGS
kkeerrbbeerroossaauuttooccoonnffiigg looks for the KerberosClient config record in each ofthe open directory nodes on the search path. It merges the realm informa-
tion from any KerberosClient config records it finds, but it only checks the generationid from the first config record found. This means that the file does not get updated if the second KerberosClient record found changes. HISTORY kkeerrbbeerroossaauuttooccoonnffiigg first appeared in Mac OS X 10.3 Darwin December 21, 2019 Darwin