[OpenAFS] AFS-Tokens in cross realm szenario problem
Ken Hornstein
kenh@cmf.nrl.navy.mil
Tue, 16 Aug 2005 16:14:51 -0400
>we are currently using 1.3.86 on two X86_64 based database server nodes,
>providing an AFS cell named cg.fzk.de. We have a ADS KDC for CG.FZK.DE with
>some users inside.
Dumb question time: what's an "ADS KDC" ? If it's an Active Directory
server, I could see this causing problems (e.g., the PAC might cause the
ticket to be too big, depending on a bunch of issues).
>also aklog happily provides me with a wrong token but throughs an error:
>aklog
>aklog: Unknown error 267272 so unable to create remote PTS user
>schwicke@ka.fzk.de in cell cg.fzk.de (status: 267272).
% translate_et 267272
267272 (pt).8 = Badly formed name (group prefix doesn't match owner?)
I am wondering if you never created a cross-realm PTS entry.
--Ken