Installing kx509 for Firefox on Mac OSX
IMPORTANT: Before you begin, make sure that your computer's time and time zone are correct. Portal authentication will not work if your computr's clock is more than five minutes from the Kerberos server.
Make sure you have Kerberos 5 and OpenSSL support on your system by verifying that you have the files:
Most OSX systems come with this pre-installed. If you do not have them, have your system administrator install them, or download and install it yourself from the MIT Kerberos Distribution Page.
The following steps require administrator privileges.
If you already have a /etc/krb5.conf file, it is suggested that you save a copy to /etc/krb5.conf.save. Make sure there is only one kerberos configuration file on your hard disk. Some systems have a /Library/Preferences/edu.mit.Kerberos file which should be moved or removed, as it overrides the /etc/krb5.conf
Download the kx509-osx-tar-gz file by holding the mouse button down on and selecting "Save Link As...". You should save this file in your home directory.
You will need to manually perform the following install from a shell window:
Now you should be able to execute the "kin" command. It will prompt you for your Kerberos password. If successuful, it will create a temporary certificate good for several hours and print a message something like the following. The "notAfter" field indicates when the certificate will expire, and you must again run the "kin" command:
When this certificate expires you will need to issue the kin command again.
To provide a chain of authentication, your browser needs the following certificates. For each of these, download them by clicking on them.
For each certificate you will be presented with the following dialog. Check "Trust this CA to identify web sites." as shown, and then click "OK".
4. Try It
The MGRID portal is accessable from this web page and has the interface shown below.
The first time you use this web site you may be given the following warning. Select "Accept this certificate permanantly":
Next you will be shown the warning below, at which just click "OK" (This is an unfortunate bug with the most recent Firefox release (220.127.116.11)):
If you have not authenticated properly, you will get the following message:
To re-authenticate, re-run the kin script.