[OpenAFS] OS X Lion: multiple Kerberos realms ?

Ken Hornstein kenh@cmf.nrl.navy.mil
Wed, 18 Jul 2012 13:48:16 -0400


>Heh, yeah. Not knowing it's "not supposed to" work, I tried, and I got
>tickets for both realms to show up in the viewer. True, klist will
>only show one (whichever was acquired last), but once I have the
>tickets, I can map Samba shares and work in AFS simultaneously,
>without any apparent problems.

That it "works" at all is due to Apple-specific magic; I suspect
if you do "klist -A" it will show both sets of credentials.  You can
use kswitch to switch between the credentials, but there's really only
one active at a time (AFS continues to work even if you switch away
from the cache with the AFS credentials, because AFS stores the service
ticket itself).

I don't have a good solution to your problem, unfortunately.

--Ken