[OpenAFS] Moving AFS {pt,vl,vol?}server

Ken Hornstein kenh@cmf.nrl.navy.mil
Thu, 22 Aug 2002 10:41:41 -0400


>> that tries for a K5 ticket service ticket for afs/<cellname> then defaults to
>> a null instance if this does not exist.  Possibly the intent of that is
>> to make it possible to get a service ticket for
>> 	"afs/<some-cell>@<another-realm-trusted-a-whole-lot-by-that-cell>"
>> which is a fascinating change, to say the least.  There must be some
>
>I'm not sure why you consider this facinating -- it's actually been
>supported for a while.  Many sites do this (MIT is not the only one).

I know we've had this discussion before ... but I feel I must chime in
here.  MIT was the only site I was aware of to do this (and I never
knew until relatively recently if this was a bit of MIT-specific magic,
or what).  Like much of AFS, this feature wasn't documented.  But I
don't think it's exactly fair to say that it works just fine ... since
when _I_ tried using a V4 ticket of the form afs.cell@REALM, it Simply
Didn't Work.  That's why Doug Engert put the original magic in krb524d,
and I propagated that magic to the migration kit.  I know now that
there's some magic file you have to put something in to make the
alternate V4 realm work ... but let's be honest; if Marcus didn't know
about it, then almost _NOBODY_ knew about it.  And I would guess until
recently that the only people who set up their cell this way it were
ex-MITers, because they had experience with it.  A person coming in
cold to AFS would have no idea that this was possible.

--Ken