[OpenAFS] When Using Kerberos5 is klog necessary?

Russ Allbery rra@stanford.edu
Thu, 01 Jan 2004 11:11:12 -0800


Jeffrey Altman <jaltman@columbia.edu> writes:

> On Windows, the ticket manager (Leash) already performs the following
> logic:

>    1. obtain a k5 tgt for REALM
>    2. obtain default AFS cell
>    3. attempt to obtain a k5 afs/cell@REALM or afs/cell@CELL or afs@CELL
>    4. if successful, perform krb524 on ticket to get k4 afs ticket and
>       munge into AFS token

> This works fine for one cell.  But what if you need to obtain tokens for
> multiple cells using the same tgt?  The question is how and where to
> specify that?

Ah, okay.  This I don't know about personally; Stanford has always had a
single AFS cell (apart from SLAC, but SLAC is basically a completely
separate site with its own Kerberos realm).

> I thought this is the problem which we were attempting to solve.

I'm pretty sure that the original author, way back at the beginning of the
thread, has two independent Kerberos realms.  But the thread has drifted
into other interesting discussions.  :)

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
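
Added example, not part of the original message and not Leash or OpenAFS code: the lookup order from step 3 of the quoted list, applied to several cells with a single TGT realm. The function names, the `get_ticket` callable, the sample cells and the reading of "CELL" as the upper-cased cell name used as a realm are assumptions.

```python
def candidate_principals(cell, tgt_realm):
    """Names from step 3 of the quoted list, in order, duplicates dropped.

    Assumption: "CELL" in the message means the cell name upper-cased
    and used as a Kerberos realm.
    """
    cell = cell.strip().lower()
    if not cell or "/" in cell or "@" in cell:
        raise ValueError(f"not a usable cell name: {cell!r}")
    cell_realm = cell.upper()
    names = [
        f"afs/{cell}@{tgt_realm}",
        f"afs/{cell}@{cell_realm}",
        f"afs@{cell_realm}",
    ]
    return list(dict.fromkeys(names))  # keeps order; collapses when REALM == CELL


def pick_service_tickets(cells, tgt_realm, get_ticket):
    """For each cell, try the candidates in order and keep the first that works.

    get_ticket(principal) is a hypothetical callable standing in for the
    Kerberos library request; it returns a ticket object or None.
    Returns (cell -> chosen principal, list of cells with no usable ticket).
    """
    chosen, failed = {}, []
    for cell in cells:
        for name in candidate_principals(cell, tgt_realm):
            if get_ticket(name) is not None:
                chosen[cell] = name
                break
        else:
            failed.append(cell)  # report it, so a missing token is not silent
    return chosen, failed


# Constructed stand-in for a KDC: the set of service principals that exist.
KNOWN = {"afs/example.edu@EXAMPLE.EDU", "afs@LAB.EXAMPLE.ORG"}

def fake_get_ticket(principal):
    return {"service": principal} if principal in KNOWN else None

if __name__ == "__main__":
    ok, bad = pick_service_tickets(
        ["example.edu", "lab.example.org", "other.example.net"],
        "EXAMPLE.EDU", fake_get_ticket)
    print(ok, bad)
```

Step 4 (krb524 conversion and setting the token) is outside this sketch; it would run once per entry in the returned mapping.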