[OpenAFS-devel] Re: [OpenAFS] Cross Realm Kerberos+AFS
Douglas E. Engert
deengert@anl.gov
Wed, 19 May 2004 13:06:53 -0500
This brings up a question about the K5 support in 1.3.64.
As far as I can tell the rxkad code does not check the transited field,
or check for an empty transited field, or if the KDC set the
TRANSITED_POLICY_CHECKED flag.
So it is not much better than the K4 support for cross realm.
It should be a simple fix to at least check for TRANSITED_POLICY_CHECKED
or an empty transited field.
Ken Hornstein wrote:
>
> >Woohoo!!! I got a different error. Thanks for all the HELP!
> >
> >The magic switch is -X on krb524d.
>
> As long as you don't mind your cell being vulnerable to a glaring security
> hole, sure, that's okay. :-/
>
> >aklog: Badly formed name (group prefix doesn't match owner?) so unable
> >to create remote PTS user dharknes@umd.umich.edu in cell
> >its.umd.umich.edu (status: 267272)
> >
> >This is where I need to create a system:authuser@umd.umich.edu. Right?
>
> Right.
>
> --Ken
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
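
The check suggested in the message above, sketched as an added example (this is not OpenAFS code and not from the original post). The struct, enum and function names are hypothetical and stand for fields already decoded from the ticket's encrypted part; the flag value is the RFC 4120 transited-policy-checked bit (TicketFlags bit 12).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 4120 TicketFlags bit 12 (transited-policy-checked); bit 0 is the
 * most significant bit of the 32-bit flags word. */
#define TKT_FLAG_TRANSITED_POLICY_CHECKED 0x00080000u

/* Hypothetical view of the decoded EncTicketPart fields used by the check. */
struct ticket_view {
    uint32_t flags;                 /* TicketFlags */
    const unsigned char *transited; /* TransitedEncoding contents */
    size_t transited_len;           /* 0 means no intermediate realms */
};

enum transit_result { TRANSIT_OK_DIRECT, TRANSIT_OK_KDC_CHECKED, TRANSIT_REJECT };

/* Accept a ticket only if no realm was transited, or the KDC states that it
 * validated the transited path against its own policy. */
enum transit_result check_transit(const struct ticket_view *t)
{
    if (t == NULL)
        return TRANSIT_REJECT;
    if (t->transited_len == 0)
        return TRANSIT_OK_DIRECT;
    if (t->transited == NULL)       /* malformed: length without data */
        return TRANSIT_REJECT;
    if (t->flags & TKT_FLAG_TRANSITED_POLICY_CHECKED)
        return TRANSIT_OK_KDC_CHECKED;
    return TRANSIT_REJECT;          /* unverified path: fail closed */
}

int main(void)
{
    /* Constructed sample tickets, not taken from a real KDC exchange. */
    static const unsigned char path[] = "EXAMPLE.ORG";
    struct ticket_view direct    = { 0, NULL, 0 };
    struct ticket_view checked   = { TKT_FLAG_TRANSITED_POLICY_CHECKED, path, sizeof path - 1 };
    struct ticket_view unchecked = { 0, path, sizeof path - 1 };

    printf("direct=%d checked=%d unchecked=%d\n", check_transit(&direct),
           check_transit(&checked), check_transit(&unchecked));
    return 0;
}
```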