[OpenAFS] When Using Kerberos5 is klog necessary?

Ken Hornstein kenh@cmf.nrl.navy.mil
Wed, 31 Dec 2003 00:38:05 -0500


>I should add that here we have the additional complication of two kerberos
>realms. There is our realm/cell, and there is the realm used by the central
>computing on campus, here (and, of course, any used by any other departments).
>
>So, on our systems, if you want tokens/tickets in our cell, you klog. If you
>want tickets in the central realm, you kinit. 
>
>So, switching to kinit for getting tokens/tickets causes other problems (in
>addition to the simple (heh) retraining of users problem).

That sounds like a problem screaming for krb5 cross-realm (even
though that has other issues, but I think those are overcomable).

Documentation on that (the OpenAFS part) is in the migration kit.  We have
a number of people in that situation; seems to work reasonably well.

--Ken