[OpenAFS] Client on Win2k using "external" K5 realm

[Rhett Butler]

Is anyone using the "external" K5 realm configuration for basic Windows
2000 authentication?  If so, does your AFS client obtain tokens at login
correctly?

We're configuring Win2k boxes to authenticate to our existing MIT based
kerberos servers.  This works by mapping the authentication to a local
Win2k account for access to the local Win2k box.  The problem is that we're
mapping all external accounts to a single account in Win2k.  The AFS client
does not automatically obtain tokens using this login method.  If I map the
external kerberos account to a matching local account, tokens are obtained.
It's obvious that the name mapping is creating a problem here.  The strange
thing is that the AFS client shows that the current user is actually the
external kerberos account, not the local machine account.

If anyone has tested this please let me know.  I'd really appreciate it!

Thanks,
Rhett Butler