Installing kx509 for Netscape on Mac OSX
IMPORTANT: Before you begin, make sure that your computer's time and tim e zone are correct. Portal authentication will not work if your computr's clock is more than five minutes from the Kerberos server.
Make sure you have Kerberos 5 and OpenSSL support on your system by verifying that you have the files:
Most OSX systems come with this pre-installed. If you do not have them, have your system administrator install them, or download and install it yourself from the MIT Kerberos Distribution Page.
The following steps require administrator privileges.
If you already have a /etc/krb5.conf file, it is suggested that you save a copy to /etc/krb5.conf.save. Make sure there is only one kerberos configuration file on your hard disk. Some systems have a /Library/Preferences/edu.mit.Kerberos file which should be moved or removed, as it overrides the /etc/krb5.conf
Download the following zip archive file by holding the mouse button down on it until this menu appears:
and using the "Save Link Target As" selection.
Use "Finder" to unzip the downloaded file (select File -> Open With -> BOMArchiveHelper or double-click on the .zip file if you have Stuffit 9.0 or later installed). A kx_install directory will be created. Note that you must user "Finder" to properly unzip the file. The command line equivalent will not work.
Using "Finder" again, enter the kx_install directory. You will need to manually perform the following copies as the root user:
krb5.conf --> /etc/krb5.conf
Now you should exit from the root user and execute the "kin" command. It will prompt you for your Kerberos password. If successuful, it will create a temporary certificate good for several hours and print a message something like the following. The "notAfter" field indicates when the certificate will expire, and you must again run the "kin" command:
When this certificate expires you will need to issue the kin command again.
Using "Finder", double-click on the downloaded KX509Installer file. It should be designated with the following logo:
It will bring up a "Debug Window" and prompt you with the following dialog:
Enter your password for the local machine
You will next be prompted with the following dialog. Click "Continue".
When prompted with the following KX509Installer dialog, click "Install".
A dialog will be shown indicating the install progress. When complete, you will be prompted with "Are you sure you want to install this security module?". Click OK.
Click "Continue on the following dialog:
Click "OK" on the following dialog:
Click "OK" when prompted with "A new security module has been installed". After which you will see the following:
To provide a chain of authentication, your browser needs the following certificates. For each of these, download them by clicking on them.
For each certificate you will be presented with the following dialog. Check "Trust this CA to identify web sites." as shown, and then click "OK".
4. Try It
The MGRID portal is accessable from this web page and has the interface shown below.
The first time you use this web site you may be given the following warning. Select "Accept this certificate permanantly":
If you have not authenticated properly, you will get the following message:
To re-authenticate, re-run the kin script.