SshKerberosMac52014-04-30 06:14:32netjTicket Viewer app42013-02-22 00:49:17netjChanged to madmax* since there will be a few of madmax-class machines :)32012-11-23 05:36:00netjUpdated hosts to include all servers22012-09-28 03:56:58netjsimply "Mac" is clear over "Mac OS X" (old) vs. "OS X" (new)12012-09-28 03:54:11netjFirst draftUsing SSH with Kerberos from MacConfigure KerberosThe Kerberos Configuration Tool (KCT) app provided by Stanford's IT Services will prepare your Mac to work with @CS.STANFORD.EDU realm as well as many others, e.g., the default @stanford.edu. If you use the @CS.STANFORD.EDU realm most of the time, you might want to change the default realm in /Library/Preferences/edu.mit.Kerberos. This will let you omit the @CS.STANFORD.EDU part or even the entire argument when typing kinit commands. Configure SSHStanford IT Service's KCT app will add a few lines to your ~/.ssh/config resembling the following. You may want to enable a few more options to avoid some known issues since Lion (10.7). If you were using @stanford.edu for single sign-on (to corn/cardinal farmshare machines or WebAuth), and/or want to use @CS.STANFORD.EDU realm along with it smoothly, you should specify which principal each host expects explicitly in ~/.ssh/config. SSH logins will then work for hosts in both realms regardless of your active Kerberos credential cache. Otherwise, you will have to go through the hassle of switching back and forth with at least kswitch -i command each time you login to a host in different realm. GUI for Managing/Refreshing Kerberos TicketsThere's an excellent app built-in to OS X for managing Kerberos tickets, called Ticket Viewer. (No need to rely on tedious klist/kinit commands from Terminal or other crappy Kerberos login apps.) This gem is hidden in an obscure place: /System/Library/CoreServices/Ticket Viewer.app. You can open it once by navigating to the location with Finder (Cmd+Shift+G) or from Terminal (open ... command), and keep the icon on your Dock to make it handy. Screenshot of Ticket Viewer ReferencesKerberos Preferences on Mac OS X Documentation Installing Kerberos On Mac OS X - CSAIL, MIT Using SSH and GSSAPI authentication - SLAC, Stanford Tips on Credential cache server - KCM - HEIMDAL