-
All replies
-
Helpful answers
-
Sep 23, 2011 7:21 AM in response to Bob Violenceby Antonio Rocco,★HelpfulHi
Kerberos is used extensively in Single Sign On (SSO) environments. This would typically be medium-to-large Coporate or Educational institutions running instances of Windows Active Directory and possibly Apple's Open Directory or even a mixture of the two. There are other manufacturers that offer their own bespoke offering such as Novell but I'm seeing less and less of this now-a-days. Regardless, all of these technologies have one thing in common; they are based on Open Source OpenLDAP:
http://www.openldap.org/project/
At its simplest LDAP (Lightweight Directory Access Protocol) is a database (or series of databases) that can 'contain' information about all sorts of things which can be easily distributed or shared.
If you're not in any of these types of environments and your laptop has not been bound and/or joined to a networked domain and essentially you're in a single user, residential home environment I would ignore it.
FWIW I see this 'error' also even in 10.6 and like a lot of things that are logged by the OS it does not necessarily mean there's anything wrong. For some things Console can be overly verbose and may 'frighten' the unwary into thinking there's something wrong when actually there isn't.
Having said all that and apart from what is being logged, are you actually having any problems?
HTH?
Tony
-
Sep 23, 2011 8:29 AM in response to Antonio Roccoby piperspace,This reference states that there has beenn a local KDC on each Mac since Leopard 10.5.
http://www.afp548.com/article.php?story=20080709091503862
Maybe that is the problem?
-
Sep 23, 2011 8:33 AM in response to piperspaceby Antonio Rocco,Hello piperspace
There has indeed been a Local Key Distribution Centre on client and server OS since 10.5. But that's not quite the same as Kerberos in a Single Sign On enviroment. My response to OP was not based on the LDKC. The link is useful for OP for further background reading and understanding.
Tony
-
Sep 23, 2011 8:48 AM in response to Antonio Roccoby Bob Violence,Tony,
Thanks, that's a helpful explanation. As far as I can tell, even when I'm using this computer on an institutional network I don't need to use Kerberos—which is why I'm confused about the logging. If I'm not using it, why is it trying to establish a kdc node?
There is an additional problem. In the system keychain, there are multiple copies of the com.apple.kerberos.kdc and com.apple.systemdefault certificates, as well as public/private keys associated with each. Every time the system is restarted, new certificates and keys are created. So maybe I’ve got a Keychain problem, not a Kerberos problem...
-
Sep 23, 2011 12:56 PM in response to Bob Violenceby Bob Violence,The problem seems to be that /Library/Preferences/com.apple.security.systemidentities.plist was corrupted. I moved the file to a different location and restarted, and the Console messages have gone away and the Keychain seems to be acting normally. So I think my problem is solved!
-
Jan 1, 2012 9:39 PM in response to Bob Violenceby Mr. Steveo,Had similar problem on my Mac as well, running 10.7.2. This stumped me for the longest time and I finally decided to get into it. Here was my problem:
1/1/12 9:26:26.271 PM com.apple.launchd: (com.apple.Kerberos.digest-service[482]) Exited with code: 1
1/1/12 9:26:26.271 PM com.apple.launchd: (com.apple.Kerberos.digest-service) Throttling respawn: Will start in 10 seconds
1/1/12 9:26:26.830 PM com.apple.launchd: (com.apple.Kerberos.kdc[483]) Exited with code: 1
1/1/12 9:26:26.830 PM com.apple.launchd: (com.apple.Kerberos.kdc) Throttling respawn: Will start in 10 seconds
This would happen continuously, non-stop. Eventually I tracked down the plist files related to these, located in System/Library/LaunchDaemons. I pulled the files to the desktop and restarted and now the errors have ceased in console. The question is.... what have I sacrificed/lost in doing this, as I noted the .plist files I pulled did not regenerate after restart
-
Aug 8, 2012 9:21 AM in response to Mr. Steveoby reesd,I started seeing this problem after upgrading to 10.7.4 (and then doing a System Update) from 10.6.8.
Deleting (with backup) the file /System/Library/LaunchDaemons/com.apple.Kerberos.digest-service.plist and rebooting stopped the error messages. Of course I am not sure if something on my Mac needs the digest-service which will cause problems down the road.
FYI, Bob's suggestion of /Library/Preferences/com.apple.security.systemidentities.plist didn't work for me.
-
Oct 1, 2012 10:29 AM in response to Bob Violenceby reesd,FYI, Running "sudo /usr/libexec/configureLocalKDC" as recommended here - https://discussions.apple.com/message/10159170?messageID=10159170#10159170?messa geID=10159170 fixed the problem for me.