[OpenAFS] AFS and two realms.
Derrick J Brashear
shadow@dementia.org
Tue, 15 Mar 2005 00:32:11 -0500 (EST)
On Tue, 15 Mar 2005, Jan Johansson wrote:
> Hello.
>
> Today we have all users in the LOCAL realm, soon they will move
> to the CENTRAL realm.
>
> To keep a separation so that if CENTRAL is cracked I can still
> trust my AFS I want to keep the afs key in the LOCAL realm.
>
> I know this is possible and then using cross-realm and ACLs with
> jdoe@CENTRAL.
>
> Is it possible to somehow keep the key in LOCAL and tell my AFS
> that jdoe@CENTRAL is jdoe so that I do not have to change every
> ACL?

Look in the archive for information about the /usr/afs/etc/krb.conf file.
Basically it gets one line, the name of a Kerberos realm (upcased), which
gets treated as if its usernames are in the local cell. A hack, but it
works as long as LOCAL and CENTRAL have the same usernames.