[OpenAFS-devel] foreign pts ids

Derek Atkins warlord@MIT.EDU
21 Aug 2001 22:45:02 -0400 

Indeed, the cross-cell IDs are based on a cellID/Counter mechanism.
However, this shouldn't cause much of a problem with anything except,
perhaps, 'ls'.  I don't see why this would cause a problem.

Another option: if you trust that userN@E.KTH.SE == userN@MATH.KTH.SE
(in other words, if you can be assured of a name-equivalence across
realms or at least a flat namespace) you can tell your servers to map
both realms to be equivalent.  This is done in, I believe,
/usr/afs/etc/krb.realms.  The only hitch is that you'll need the same
afs key in both realms, IIRC.

Yet another option, if your different domains are truly that separate,
is to just run multiple AFS cells.  It's just not hard to do so.  You
can still setup cross-cell authentication in order to share
priviledges, but then you dont get the 'ls' problems you would get
from sharing a single cell.

-derek

Mattias Amnefelt <mattiasa@e.kth.se> writes:

> Hi!
> 
> We are right now looking at a situation where we might end up with multiple
> different kerberos realms with the same afs cell as their home cell. This
> should work just fine, except that only one of the realms will appear to be
> local to afs. Our local realm is is E.KTH.SE and we would like to
> incorporate MATH.KTH.SE into this cell.
> 
> What I'd like to do now is let user@MATH.KTH.SE correspond to the
> user@math.kth.se pts entry and let that entry have user's uid.
> 
> Unfortunately foreign pts ids are required to be in a different range than
> local ids, and normaly much higher. If I've understood the code correctly
> the low 16 bits is the cell-id and the high 16 is an incrementing counter
> for the foreign id.
> 
> Does anyone know if this structure is used anywhere? I fear that for
> instance the system:authuser@foreign.cell uses this feature.
> 
> /mattiasa
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available