Answer: The kerberos5 package available via macports conflicts with kerberos included in Mac OS. Uninstall kerberos5 from macports and reboot your Mac. Aklog should now work. Uninstall kerberos5 from macports and reboot your Mac. Aklog should now work.
I am trying to kerberize my RESTful backend and I am not seeing anywhere in the GSS-API documentation how could I add a user/service - i.e., I understand the authentication process with GSS-API, but not the signup process. To make my question simpler : kinit is the command line tool used to add principals, is there an equivalent for GSS-API ? If the answer is no - should I go and look at the kinit source code and port it to my project (using system('kinit ...') raises security questions/problems so I am not thinking about using it) ?
1 Answer
Users should be added to the Kerberos database using API provided by Kerberos Distribution Centre. In Microsoft Active Directory, KDC uses LDAP as its database, so users can be added/removed using JNDI, as described here: http://cyberlizard.livejournal.com/120080.html.
kinit not a tool for adding users but for (simply speaking) 'logging in', or (technically speaking) it's a tool that 'obtains and caches an initial ticket-granting ticket for principal' (see: http://web.mit.edu/kerberos/krb5-devel/doc/user/user_commands/kinit.html), i.e. it takes credentials (i.e. for example principal and password, connects to KDC and tries to receive initial TGT from it. Client).
