[OpenAFS] Client on Win2k using "external" K5 realm

Rhett Butler rhett.butler@duke.edu
Fri, 13 Jul 2001 14:16:04 -0400


Is anyone using the "external" K5 realm configuration for basic Windows 
2000 authentication?  If so, does your AFS client obtain tokens at login 
correctly? 

We're configuring Win2k boxes to authenticate to our existing MIT-based 
Kerberos servers.  This works by mapping the authentication to a local 
Win2k account for access to the local Win2k box.  The problem is that 
we're mapping all external accounts to a single account in Win2k.  The AFS 
client does not automatically obtain tokens using this login method.  If I 
map the external Kerberos account to a matching local account, tokens are 
obtained.  It's obvious that the name mapping is creating a problem here. 
The strange thing is that the AFS client shows that the current user is 
actually the external Kerberos account, not the local machine account. 

If anyone has tested this, please let me know.  I'd really appreciate it!

Thanks,
Rhett Butler