[OpenAFS] When Using Kerberos5 is klog necessary?
Chris McClimans
openafs-info@mcclimans.net
Thu, 22 Jan 2004 16:20:11 -0600
David,
I'm using a similar setup here at TTU.
I have a CS.TTU.EDU mit realm with trust principals from the TTU.EDU
realm (an MS Active Directory) for user accounts.
I'm currently trying to find a decent solution from windows XP boxes
that are part of the TTU.EDU domain to automatically get tokens from
login. MIT leash/kinit + gssklog work however, ms2mit and gssklog fail.
Are you straight unixen in your department or do you have a mixture
like myself?
-chris
On Dec 30, 2003, at 11:21 PM, David Botsch wrote:
> I should add that here we have the additional complication of two
> kerberos
> realms. There is our realm/cell, and there is the realm used by the
> central
> computing on campus, here (and, of course, any used by any other
> departments).
>
> So, on our systems, if you want tokens/tickets in our cell, you klog.
> If you
> want tickets in the central realm, you kinit.
>
> So, switching to kinit for getting tokens/tickets causes other
> problems (in
> addition to the simple (heh) retraining of users problem).
>
> On Tue, Dec 30, 2003 at 10:34:00PM -0500, Ken Hornstein wrote:
>>> Why would I want to tell end users they have to type in two commands
>>> to
>>> get tokens instead of one? Most can barely handle just typing in
>>> "klog".
>>
>> Years ago, I added support to my kinit so that it runs aklog
>> automatically.
>> Works just fine.
>>
>> --Ken
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>
> --
> ********************************
> David William Botsch
> Consultant/Advisor II
> CCMR Computing Facility
> dwb7@ccmr.cornell.edu
> ********************************
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>