Question

Single Sign-On

  • July 12, 2011
  • 5 replies
  • 22 views

Around here, we have been talking about getting rid of ADmitMac when we implement Lion, and switching to the builtin AD plugin. But by now, our users expect SSO functionality in many areas of the OS that ADmitMac provided "for free". We're talking about the possibility of implementing these SSO features, but I don't know where or how to start. Can anyone provide some pointers?

5 replies

  • Valued Contributor
  • July 12, 2011

Where exactly did you want SSO? Some things can be scripted, like mounting drives.


  • Contributor
  • July 12, 2011

We've been casually trying to pass over to a SSO environment as well. I can't tell you what has been working -- but I can say that the biggest obstacle we face currently is our company's proxy filter.

It requires authentication and we can't get the login credentials for the Mac to hand off to it. From what we've researched it sounds like a common problem. We might look at running our own proxy for the Mac users (as it's been described in this mailing list before, I believe).

We've been focused on doing it natively as well. What things do you currently employ from ADmitMac that you know you can't live without?

ben janowski
Senior Macintosh Support Technician
Kohl's Mac Support Team
262.703.1396 | benjamin.janowski at kohls.com


bentoms
  • Hall of Fame
  • July 12, 2011

We've the same issue re: proxy. Our Websense proxy only allows NTLM, but there is an updated version that supports Kerberos. Just gotta give someone a kick to start testing it.

Regards,

Ben.


  • July 12, 2011

Fortunately our proxy does not require authentication, however our file servers and print servers do. They work perfectly with ADmitMac's SSO, and I doubt our users would be willing to lose that.


  • Contributor
  • July 12, 2011

Generating TGTs at login has been great here.

I implemented this as both a standalone script with policy and also as part
of my first_boot script for newly imaged machines. This works with our
2008r2 file & print servers as well as the few "kerberized" things I have
running on some xServes.

#!/bin/bash

# allow creation of Kerberos TGT @ login per http://support.apple.com/kb/HT4100
/usr/libexec/PlistBuddy /etc/authorization -c "Add rights:system.login.console:mechanisms: string builtin:krb5store,privileged"

Ryan M. Manly
Glenbrook High Schools
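
Added example, not part of the original post or of any poster's script: the PlistBuddy "Add" above appends a new array entry every time it runs, so a script deployed both as a policy and in a first-boot script can leave duplicate mechanisms in the login right. The sketch below makes the same edit only when the entry is absent. The function name and the sample plist are constructed for illustration; a real /etc/authorization holds many more rights and mechanisms.

```python
import plistlib

RIGHT = "system.login.console"
MECHANISM = "builtin:krb5store,privileged"  # value taken from the post above

# Constructed sample input, trimmed to the one right this edit touches.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>rights</key>
  <dict>
    <key>system.login.console</key>
    <dict>
      <key>class</key><string>evaluate-mechanisms</string>
      <key>mechanisms</key>
      <array>
        <string>builtin:authenticate,privileged</string>
        <string>HomeDirMechanism:login,privileged</string>
      </array>
    </dict>
  </dict>
</dict>
</plist>
"""


def ensure_mechanism(plist_bytes, right=RIGHT, mechanism=MECHANISM):
    """Return (plist_bytes, changed); append the mechanism only if it is absent."""
    db = plistlib.loads(plist_bytes)
    try:
        mechanisms = db["rights"][right]["mechanisms"]
    except KeyError as exc:
        # Refuse to create missing keys in an authorization database.
        raise ValueError("right or mechanisms array not found: %s" % exc)
    if not isinstance(mechanisms, list):
        raise ValueError("mechanisms is not an array")
    if mechanism in mechanisms:
        return plist_bytes, False  # already present: hand back the input untouched
    mechanisms.append(mechanism)  # same position PlistBuddy's "Add ...mechanisms:" uses
    return plistlib.dumps(db), True


if __name__ == "__main__":
    once, changed_first = ensure_mechanism(SAMPLE)
    twice, changed_second = ensure_mechanism(once)
    print("first run changed:", changed_first, "second run changed:", changed_second)
```

On a real machine the returned bytes would be written back only when changed is true, after keeping a copy of the original file.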