OS X: How to enable Kerberos authentication for shared printers

Learn how to enable Kerberos authentication for shared printers for both Active Directory and Open Directory-based systems.

Log in as an administrator to follow these steps. (The first user account created in OS X is an administrator account.)

To configure for Active Directory

  1. Add the Active Directory server to the list of DNS server:
    1. Open System Preferences, choose Apple menu > System Preferences…
    2. Choose View > Network.
    3. If the padlock in the lower left is locked, click it and enter an administrator name and password to unlock.
    4. Enter "DNS" in the search field and press return.
    5. Click "+" under the "DNS servers:" pane, enter IP address of the Active Directory server.
    6. Click "+" under the "Search Domains:" pane, enter Active Directory domain name.
  2. Bind to Active Directory server through Users & Groups pane:
    1. Open System Preferences, choose Apple menu > System Preferences…
    2. Choose View > Users & Groups.
    3. If the icon in the lower left is locked, click it and enter an administrator name and password to unlock.
    4. Click "Login Options".
    5. Click "Join…" button next to "Network Account Server:".
    6. Enter the hostname of the Active Directory server, then click OK.
    7. Enter credentials for the Active Directory server.
  3. Execute the following Terminal command to enable the CUPS web interface:
    • cupsctl WebInterface=yes
  4. Open the URL "http://localhost:631/printers" in Safari.
  5. For each printer you wish to share using Kerberos:
    1. Click the printer name in the list.
    2. Choose "Set Default Options" from the "Administration" pop-up menu.
    3. Click "Policies".
    4. Choose "kerberos" from the "Operation Policy:" pop-up menu.
    5. Click "Set Default Options".
  6. Once you have completed this process, run this command in Terminal:
    • cupsctl WebInterface=no

To configure for Open Directory

  1. Bind to Open Directory server through Users & Groups pane.
    1. Open System Preferences, choose Apple menu > System Preferences…
    2. Choose View > Users & Groups.
    3. If the padlock in the lower left is locked, click it and enter an administrator name and password to unlock.
    4. Click "Login Options".
    5. Click the "Join…" button next to "Network Account Server:".
    6. Enter the hostname of the Open Directory server, then click OK.
  2. Execute the following Terminal command to enable the CUPS web interface:
    • cupsctl WebInterface=yes
  3. Open "http://localhost:631/printers" in Safari.
  4. For each printer you wish to share using Kerberos:
    1. Click the printer name in the list.
    2. Choose "Set Default Options" from the "Administration" pop-up menu.
    3. Click "Policies".
    4. Choose "Kerberos" from the "Operation Policy:" pop-up menu.
    5. Click "Set Default Options".
  5. Once you have completed this process, run this command in Terminal:
    • cupsctl WebInterface=no

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information.

Last Modified:
Helpful?

Additional Product Support Information

Start a Discussion

in Apple Support Communities
See all questions on this article See all questions I have asked
United States (English)