Home > Mac administration, Mac OS X Server > Utterly killing Kerberos on your Open Directory Master.

Utterly killing Kerberos on your Open Directory Master.

Recently, I got an email from one of the mailing lists I’m on asking if anybody knew how to stop an Open Directory’s Kerberos server and keep it stopped. It’s not generally a good idea to kill your Kerberos service on your OD Master, but if you have a circumstance where you need it, here’s a way to kill it and keep it dead.

After creating your OD Master and verifying that everything is running the way it should be, open Terminal and enter the following command:

sudo sso_util remove -k -a <admin username> -p <password>

When this process is done running, all keytabs and the kadmin process on your OD Master will be killed. To be thorough, you may want to run the other following commands:

sudo rm /etc/krb5.keytab
sudo rm /Library/Preferences/edu.mit.Kerberos

What I’ve described above will kill Kerberos and stop it running. Unfortunately, what I don’t know is how to restart it after it’s been killed (short of an erase and fresh install) so don’t do this unless you need it. As always, also please test this carefully before doing it on your production box.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: