Kerberos & Single Sign-On (SSO)

Network Share Mounter provides full support for Kerberos authentication and ticket management. Similar to tools like Apple Enterprise Connect, Jamf Connect, or NoMAD, Network Share Mounter handles the login and renewal of tickets in a Kerberos realm natively from your macOS menu bar.

What is Kerberos?

Kerberos is a highly secure computer network authentication protocol. To understand how it works, imagine visiting an amusement park: Instead of showing your ID and paying cash at every single ride, you verify your identity once at the main entrance and receive a wristband (a “Ticket”). Whenever you want to go on a ride, you simply show your wristband.

In the IT world, this is called Single Sign-On (SSO). Instead of typing your username and password every time you want to access a different file server, printer, or internal website, you log in once. The Kerberos server gives your Mac a digital “ticket.” When you try to mount a network share, your Mac presents this ticket to the server, and you are granted access immediately and invisibly in the background.

How it works in Network Share Mounter

Network Share Mounter actively monitors your network state. Whenever you change networks (e.g., switching from Wi-Fi to Ethernet, or connecting to a company VPN), the app checks if your Kerberos server (Domain Controller) is reachable.

If it is, the app will automatically attempt to authenticate or renew your existing ticket. This ensures you always have valid credentials before the app attempts to mount your network shares.

Because of this robust ticket lifecycle management, Network Share Mounter can be used purely as a Kerberos authentication tool, even if you don’t configure any network shares to mount. It is a lightweight, open-source alternative to NoMAD or Jamf Connect.

Configuration

For Home Users

Kerberos requires an Active Directory or a dedicated Kerberos server, which means it is rarely used outside of enterprise or university networks. However, if you have a home lab or a specific setup, you can manually set your Kerberos Realm in the app’s preferences via the menu bar icon.

For IT Administrators (MDM)

In enterprise environments, you don’t want users to configure this manually. The Kerberos realm can be seamlessly pre-configured and deployed to all your Macs using a Mobile Device Management (MDM) Configuration Profile.

By pushing the KerberosRealm key via your MDM, Network Share Mounter will automatically know where to authenticate your users, providing a zero-touch SSO experience.