KerberosExtension

Enable single sign-on with Windows Active Directory.

Posts under Kerberos Extension tag

8 Posts

System Configuration, Configuration Profiles and Kerberos on my Personal MacBook Air M1.
**Hi Apple Developer Community, Good Morning** My Personal MacBook Air M1: Mac OS: Sequoia, Version 15.0. Please note, this is my personal MacBook and I am the only one who is using it. I can see System Configuration, Configuration Profiles and Kerberos on my personal MacBook Air M1 System Folder ---> Library ----> Configuration profile, System Configuration folders. Attaching herewith the snapshot of the same. Can someone throw light on the same? Do I need to remove the configuration profile, system configuration from my personal MacBook Air M1 which is seen in System Folder ---> Library ----> Configuration profile, System Configuration folders? Also, I cannot edit the user in my name. **Kindly assist me with the same. Thanks and Regards,** Omkar
Replies
0
Boosts
0
Views
533
Activity
Oct ’24
Kerberos lost after WKWebView loading content
Hi, we are using the EXTSINGLESIGNONKERBEROS from Ivanti (MobileIron) MDM server in order to get the Kerberos authentication against our SharePoint and OneDrive system running. This worked perfectly fine with the iOS system while we are retrieving the password popup from the iOS SSO Extension. For all the calls we made against our server the system just used the Kerberos ticket for the connection. Now we faced an issue with the WKWebView. We are opening images in the WKWebView but this happens completely without any connection inside the WKWebView. We are loading the data of the image upfront and open the WKWebView with a local path from the iPhone / iPad. Somehow after the WKWebView loaded the content our connection does not use our Kerberos ticket anymore. All our calls fail with 401 (because we are not adding any user information to our request - the system Extension is doing it automatically). Just after a restart of the app the Kerberos ticket is added to our request again. Does anyone know why this happens? I already tried to write the cookies from the NSHttpCookieStorage SharedStorage to the WKWebView cookies but with no success. If we use WKWebView but are not loading any content, Kerberos is still working after closing the page. It only happens once LoadUrl, LoadData, etc. are processed. Any additional help or idea would be appreciated. Thank you.
Replies
0
Boosts
0
Views
808
Activity
May ’23
Manually set kerberos credential in local key store.
I'm looking for an API to add new Kerberos credentials to the macOS internal ticket store. Basically, I'd like to replace the whole authentication process with a proprietary component and not rely on the OS Kerberos implementation, and get the following items: a client-to-server ticket encrypted using the resource's secret key, and a new Authenticator encrypted using the Client/Server Session Key. I'd like to set these 2 items where the OS keeps these items to be used when communicating with the resource itself. Also, I'd like to keep another Kerberos item retrieved after the first communication with the resource, and it's used for SSO to allow additional requests to the resource for a certain period of time. This item is the timestamp found in the client's Authenticator encrypted using the Client/Server Session Key. Is there an API I can use to inject those items to where the OS keeps the Kerberos items so it can use them when it accesses the resource itself?
Replies
0
Boosts
0
Views
996
Activity
Mar ’23
Kerberos SSO extension / Authorization handling
Hello, we are trying to implement the Kerberos SSO extension for an iOS app. The corresponding MDM profile is registered in Blackberry UEM and pushed to the iPad. When we navigate to a certain URL (for example with Safari), the public func beginAuthorization(with request: ASAuthorizationProviderExtensionAuthorizationRequest) method in our extension is being invoked. As far as we understand, we have to fill the appropriate authorization headers, but we do not know exactly what is being expected. We assume that we have to build headers with the help of the GSS Framework, but we are not sure about this. The documentation does not help us enough. Could you please give us sample code for handling of beginAuthorization(...) that can be used in the SSO extension. Thank you in advance for help. Best Regards, Alexander Smoljar
Replies
1
Boosts
0
Views
1.3k
Activity
Nov ’22
DNS Registration (Active Directory)
Good Morning, If I wanted to have my Mac (or others) register their DNS name in Active Directory DNS, outside of setting DNS to accept unsecured registrations, how do we accomplish this on a Mac? Is this even possible? If there is a better forum for these types of questions, please let me know. Thanks, Blind
Replies
0
Boosts
0
Views
688
Activity
Mar ’22
Notarized application not allowed to run as Active Directory user
I have a notarized application that's embedding a lot of frameworks. When installed on Big Sur, it can be run normally as a local non-admin user. When executed as an Active Directory user, however, I'm getting the following error message: "The application with bundle ID x.y.z is running setugid(), which is not allowed. Exiting." I removed all calls to setegid and that sort, traced calls with dtruss and I'm pretty sure no privilege elevation is being done. Any help would be much appreciated.
Replies
1
Boosts
0
Views
1.2k
Activity
Mar ’22
Hybrid iOS app is not showing up auth-Prompt screen for New Kerberos SSO - credential based auth challenge.
We have a Hybrid iOS Application built on Cordova Plugin, and it worked with Old Kerberos SSO credential-based authentication. Recently, we have updated to the New Kerberos based SSO by following the presentation ( https://developer.apple.com/videos/play/tech-talks/301/ ). After which the hybrid app is not prompting for the HTTP response challenge, but it should support the New Kerberos SSO credential-based authentication. We could see the response header has the below attribute for the SSO handshake challenge. Www-Authenticate: Negotiate, Basic realm="IBM Security Access Manager for Web" But the auth prompt screen is not appearing, and the connection is throwing a 401-unauthenticated response. Note: We can see this below prompt for Old Kerb SSO but it’s not showing up after New Kerberos SSO. System Specification: XCode – 13, Cordova 6.2.0, iPad – 15.0. Please let us know if any solution would solve this. Thanks
Replies
1
Boosts
0
Views
724
Activity
Jan ’22
Connect to Windows Server 2012 shared file SMB by macOS Monterey: I must input account and pwd every time. How to fix it?
Connect to Windows Server 2012 shared file SMB by macOS Monterey: I must input account and pwd every time. How to fix it?
Replies
0
Boosts
0
Views
513
Activity
Jul ’21