[OpenAFS-devel] Multi-Realm Kerberos Support in 1.4.x

Jason D. McCormick jasonmc@sei.cmu.edu
Tue, 23 Sep 2008 10:34:14 -0400


Hello all,

In RT issue 58447 there's mention that the multi-realm Kerberos patch would=
 be put into the 1.4 production branch around what looks like the release t=
ime of 1.4.5.  However in looking at the patch and the code in 1.4.7 I don'=
t see any support for specifying multiple realms in krb.conf.  Am I missing=
 something or was this not added?  If it wasn't added, was there a reason i=
t wasn't added that would cause problems if I started using the patch?  I'm=
 looking for a way to authenticate users from a "foreign" realm. The two K5=
 realms have a two-way trust but I don't want to have to create foreign-rea=
lm PTS entries, I want jasonmc@REALM1.COM and jasonmc@REALM2.COM to get the=
 same PTS/token in the cell realm1.com.

Thanks.

--
Jason McCormick
Unix Team Lead, Systems Group, IT
Software Engineering Institute, Carnegie Mellon Univ.
E: jasonmc@cert.org , jasonmc@sei.cmu.edu