[OpenAFS] Re: IPA + OpenAFS

Andrew Deason adeason@sinenomine.net
Thu, 12 Jul 2012 14:35:03 -0500


On Thu, 12 Jul 2012 11:16:55 -0400
Qing Chang <qchang@sri.utoronto.ca> wrote:

> As recommended, you should create an AFS service principal as
> afs/DOMAIN@REALM, e.g., afs/sri.utoronto.ca. IPA does not allow a
> service principal to be created if there is no corresponding host
> principal. Hence, I have to have this: afs/openafs.sri.utoronto.ca,
> where openafs.sri.utoronto.ca is the FQDN of the server. OpenAFS seems
> to be happy with this,

I forgot to mention... if it wasn't clear, this means that your cell
name will be openafs.sri.utoronto.ca, not sri.utoronto.ca. That's not a
problem if you're okay with that, but it may look a little funny; it's
like having an email address like <qchang@sendmail.sri.utoronto.ca>. It
also may be a little confusing, since if you ever have more than one
server for the cell, afs/openafs.sri.utoronto.ca will be used by several
servers with different FQDNs, not just openafs.sri.

I haven't used IPA, but I assume you could create a host principal for
sri.utoronto.ca and then just not use it, to get around that
restriction. But that's not required.

-- 
Andrew Deason
adeason@sinenomine.net