[OpenAFS-devel] Multi-Realm Kerberos Support in 1.4.x

Jason D. McCormick jasonmc@cert.org
Tue, 23 Sep 2008 13:43:31 -0400


> That patch will do what you want and you should be able to apply it
> yourself and compile.  Be aware of the security implications of
> trusting the realms in this manner though.  Whoever can create
> principals in either realm can potentially gain access to your cell as
> a system:administrator.

We own and run both the MIT KDCs and the AD infrastructure so that won't be
a problem, but it's always good to remind people of that.  I'm glad it's
working well for you.  I didn't know why it wasn't included in the
production release - i.e. if there ended up being some fundamental problem.
I couldn't find any -devel list discussion about it and nothing in RT other
than the issue which seemed to imply it would go in 1.4.5.

Thanks.

- Jason