How to Set Up Kerberos Authentication to Access the EDW on macOS


Note: The EDW team cannot provide detailed technical support on using non-Windows machines to connect directly to the EDW. Mac instructions are provided as a courtesy based on feedback from users.
To connect to the EDW from macOS, you will need to update (or create) your Kerberos configuration file (krb5.conf). The krb5.conf file contains the Kerberos client configuration information needed to connect to the EDW. This file should be located in your /etc/ directory.

Before You Start

You'll need:

If you're off-campus: Connect to UW VPN first

Step 1: Set Up Kerberos Authentication (One-Time Setup)

What this does: Tells your Mac how to authenticate with UW's systems.

  1. Open Terminal (Applications > Utilities > Terminal)
  2. Copy and paste this command into the terminal: sudo nano /etc/krb5.conf
    • You'll be prompted for your Mac's admin password (not your UW password)
  3. Copy and paste the configuration below into the file, which will be open in the terminal:
[libdefaults]
    default_realm = NETID.WASHINGTON.EDU
    ticket_lifetime = 24h
    forwardable = true

[realms]
    NETID.WASHINGTON.EDU = {
        admin_server = _kerberos._tcp.netid.washington.edu
        kdc = ezra.netid.washington.edu
        kdc = ahsoka.netid.washington.edu
        kdc = leia.netid.washington.edu
        kdc = kanan.netid.washington.edu
        kdc = obiwan.netid.washington.edu
        default_domain = NETID.WASHINGTON.EDU
    }

[domain_realm]
    netid.washington.edu = NETID.WASHINGTON.EDU
    .netid.washington.edu = NETID.WASHINGTON.EDU
    .s.uw.edu = NETID.WASHINGTON.EDU

  4. Save the file: Press Control + O, Enter, then Control + X

  5. Test your setup - make sure you can reach UW's servers: ping ezra.netid.washington.edu
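
An added example, not part of the original instructions: a shell function that lints the file from Step 1 before you run kinit. It checks that the file is not group- or world-writable, that default_realm is defined in [realms] with at least one kdc, and that every [domain_realm] entry points at a defined realm. The name check_krb5_conf and the trimmed sample are constructed for illustration, and the check needs no network access.

```shell
#!/bin/sh
# Added example, not part of the original instructions; check_krb5_conf is a
# hypothetical helper. Call it with /etc/krb5.conf to check the real file.
check_krb5_conf() {
    conf=${1:-/etc/krb5.conf}
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }
    # If other local users can edit the file, they choose which KDC kinit contacts.
    if [ -n "$(find "$conf" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $conf is group- or world-writable"; return 1
    fi
    awk '
        /^[ \t]*([#;]|$)/ { next }                      # comments and blank lines
        /^[ \t]*\[/ { sec = $0; gsub(/[^a-z_]/, "", sec); next }
        { line = $0; gsub(/[ \t]/, "", line) }          # compare without whitespace
        sec == "libdefaults" && line ~ /^default_realm=/ { def = substr(line, 15) }
        sec == "realms" && line ~ /=[{]$/ { cur = substr(line, 1, length(line) - 2); realm[cur] = 1 }
        sec == "realms" && line ~ /^kdc=/ { kdcs[cur]++ }
        sec == "domain_realm" && line ~ /=/ { split(line, kv, "="); target[kv[1]] = kv[2] }
        END {
            if (def == "") { print "FAIL: no default_realm"; bad = 1 }
            else if (!(def in realm)) { print "FAIL: default_realm " def " is not defined in [realms]"; bad = 1 }
            for (r in realm) if (!kdcs[r]) { print "FAIL: realm " r " lists no kdc"; bad = 1 }
            for (d in target) if (!(target[d] in realm)) { print "FAIL: " d " maps to undefined realm " target[d]; bad = 1 }
            if (!bad) print "OK: default_realm " def " with " kdcs[def] " KDCs"
            exit bad + 0
        }
    ' "$conf"
}

# Constructed sample, trimmed from the configuration above, so the script runs as-is.
sample=$(mktemp "${TMPDIR:-/tmp}/krb5.sample.XXXXXX")
cat > "$sample" <<'EOF'
[libdefaults]
    default_realm = NETID.WASHINGTON.EDU
[realms]
    NETID.WASHINGTON.EDU = {
        kdc = ezra.netid.washington.edu
        kdc = leia.netid.washington.edu
    }
[domain_realm]
    .netid.washington.edu = NETID.WASHINGTON.EDU
EOF
check_krb5_conf "$sample"
rm -f "$sample"
```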

Step 2: Get Your Authentication Ticket

What this does: Logs you into UW's system and creates a 24-hour access pass.

  1. Get your ticket: kinit yournetid@NETID.WASHINGTON.EDU
    • Replace yournetid with your actual UW NetID
  2. Enter your UW password when prompted
  3. Verify it worked: klist
    • You should see: Your NetID and an expiration time (usually 24 hours from authenticating)

Your Kerberos authentication is now ready! You can use it with any SQL client that supports Kerberos authentication to connect to EDW.

For Future Sessions

Before each work session:

  1. Run kinit yournetid@NETID.WASHINGTON.EDU in Terminal
  2. Enter your UW password
  3. Use your SQL client to connect to EDW

To check if your ticket is still valid: klist

To clear your ticket when finished: kdestroy

Troubleshooting First-Time Issues

Authentication Problems

Error: "KDC reply did not match expectations"

Error: "Client not found in Kerberos database"