LKDC

From Wikifications
Revision as of 16:06, 12 May 2008 by Dre (Resources)

The Local KDC (LKDC), the per-machine Kerberos Key Distribution Center that Mac OS X 10.5 Leopard runs on every box, is pretty rad. This page is a jumble of research notes and various investigations regarding the LKDC.

Discovery

The LKDC realm name of a remote Mac OS X machine is published over multicast DNS (Bonjour) as a TXT record on the name _kerberos.<hostname>.local, so it can be discovered as follows:

dns-sd -Q "_kerberos.donk.local" txt

Replace "donk" with the Bonjour (Rendezvous) host name of a Leopard machine on your local network (you can test against your own machine if needed).

The result is a string of hex characters. This command does not terminate on its own, so press control-C to stop it once the record has been printed. Now take the hex and run it through xxd -r -c 256:

xxd -r -c 256

<paste in the hex string, press return, then control-D to end the input>

The result is the LKDC realm name, such as LKDC:SHA1.8B0FBACC08E3152A473A68D303E297A13CAA3AFD: the fixed prefix LKDC:SHA1. followed by 40 hex digits, the SHA-1 hash of that machine's LKDC certificate. If the decoded text begins with one stray character, that is the length octet of the TXT string (TXT RDATA is length-prefixed, per RFC 1035); drop it. Keep in mind that any host on the local link can answer an mDNS query, so a realm name learned this way is discovery data, not something to trust on its own.
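The decode step above, written out as a small POSIX shell script. This is an added example, not code from the original page or from Apple: it takes the hex that dns-sd printed as its argument, strips the TXT length octet when one is present, decodes the bytes with printf instead of xxd, and checks that the result has the LKDC:SHA1.<40 hex digits> shape before you hand it to kinit. The assumptions are that dns-sd shows the RDATA as hex bytes (with or without separators, as the page describes), the script name lkdc_realm.sh is hypothetical, and the sample RDATA at the bottom is constructed from the realm quoted on this page rather than captured from a real host.

```bash
#!/bin/sh
# Added example: turn the hex TXT RDATA shown by
#   dns-sd -Q "_kerberos.<host>.local" txt
# into an LKDC realm name and sanity-check it. Assumes dns-sd prints the
# RDATA as hex bytes; the hex is passed in as $1 (or the sample below is used).

# Accept "4C 4B 44", "4c:4b:44" or "4C4B44"; emit uppercase hex, no separators.
normalize_hex() {
    printf '%s' "$1" | tr -d ' \n\r\t:' | tr 'abcdef' 'ABCDEF'
}

# Hex string -> raw bytes, using only POSIX printf octal escapes (no xxd needed).
hex_to_ascii() {
    h2a_hex=$(normalize_hex "$1")
    h2a_esc=""
    while [ -n "$h2a_hex" ]; do
        h2a_pair=$(printf '%s' "$h2a_hex" | cut -c1-2)
        h2a_hex=$(printf '%s' "$h2a_hex" | cut -c3-)
        h2a_esc="$h2a_esc\\$(printf '%03o' "0x$h2a_pair")"
    done
    printf "$h2a_esc"
}

# Raw bytes -> hex (used here only to build the constructed sample below).
ascii_to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n' | tr 'abcdef' 'ABCDEF'
}

# TXT RDATA -> realm string. RFC 1035 TXT RDATA is one or more
# <length-octet><characters> strings, so the first byte dns-sd shows may be a
# length prefix rather than the first letter of the realm: strip it when it
# equals the number of bytes that follow it.
txt_rdata_to_realm() {
    t2r_hex=$(normalize_hex "$1")
    if [ -z "$t2r_hex" ] || [ $(( ${#t2r_hex} % 2 )) -ne 0 ]; then
        echo "empty or odd-length hex string" >&2
        return 1
    fi
    t2r_total=$(( ${#t2r_hex} / 2 ))
    t2r_first=$(printf '%s' "$t2r_hex" | cut -c1-2)
    t2r_len=$(printf '%d' "0x$t2r_first")
    if [ "$t2r_len" -eq $(( t2r_total - 1 )) ]; then
        t2r_hex=$(printf '%s' "$t2r_hex" | cut -c3-)
    fi
    hex_to_ascii "$t2r_hex"
}

# A Leopard LKDC realm is the fixed prefix "LKDC:SHA1." plus 40 uppercase hex
# digits (a SHA-1 hash). Anything else is not a realm name worth passing on.
is_lkdc_realm() {
    printf '%s\n' "$1" | grep -Eq '^LKDC:SHA1\.[0-9A-F]{40}$'
}

# Constructed sample (not captured from a real host): the realm quoted on this
# page, wrapped as TXT RDATA with its length octet (50 bytes = 0x32) in front.
SAMPLE_REALM='LKDC:SHA1.8B0FBACC08E3152A473A68D303E297A13CAA3AFD'
SAMPLE_RDATA_HEX="32$(ascii_to_hex "$SAMPLE_REALM")"

# Usage on a real network (Leopard), script name is hypothetical:
#   dns-sd -Q "_kerberos.donk.local" txt     # control-C once the record shows
#   sh lkdc_realm.sh "<hex bytes dns-sd printed>"
if [ -n "$1" ]; then
    input_hex=$1
else
    input_hex=$SAMPLE_RDATA_HEX
fi
decoded=$(txt_rdata_to_realm "$input_hex") || exit 1
if is_lkdc_realm "$decoded"; then
    echo "LKDC realm: $decoded"
else
    echo "TXT payload does not look like an LKDC realm: $decoded" >&2
fi
```

The length-octet test is deliberately a comparison rather than an unconditional strip: if dns-sd on some build prints the TXT string without its length byte, the first byte is 0x4C ("L"), which never equals the remaining length of a 50-byte realm, so the realm comes through untouched either way.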


Resources

A document on kerberizing ssh / sshd; it does not use the LKDC. This is the manual / traditional approach, which requires defining the remote realm in the client's Kerberos configuration.

Exploring Leopard with DTrace: useful in determining how some of the service clients interact with Kerberos.

Daemons and Agents: a fantastic technote by Quinn. This helped me understand a bit more about the Mach service that is provided by LKDCHelper.

Multicast DNS libraries for Ruby.

Discovering local identity services: outlines several methods for dynamic discovery of how to bootstrap authentication sessions with a remote system.

An expired draft that documents how Kerberos realm information might be discovered using multicast DNS.

Multicast DNS service types.

An expired draft that documents multicast DNS in general.

Kerberos install document; this section documents how Kerberos finds realm information.