[OpenAFS] Re: [OpenAFS-devel] problem about authentication

Derek Atkins openafs-info@openafs.org
30 Jan 2002 22:52:34 -0500


Please be sure to send back to the openafs-info list, not just
to me.

=B3=AF=A4=B9=B8t <u85021@ice.ntnu.edu.tw> writes:

> Thanks so much.
> Just because I see some text in IBM AFS:Administration Guide in page 56, as the following shows
>    % tokens
>    Tokens held by the Cache Manager:
>
>    User's (AFS ID 1000) tokens for afs@abc.com  [Expires Jun  2 10:00]
>    User's (AFS ID 4286) tokens for afs@stateu.edu  [Expires Jun  3 1:34]
>    User's (AFS ID 22) tokens for afs@def.com  [>>Expired<<]
>        --End of list--
>
> Now I have 2 AFS machines, and they have different cell names. So how can I get tokens from multiple cells
> just like the above shows.

Same way:

klog -c cell1
klog -c cell2
...

Or, if you're using a real Kerberos infrastructure you can use
cross-realm Kerberos so that users only need identifications
in one cell, not both.

Also note that multiple machines can be in the same AFS cell.
AFS is not really meant to have a cell per machine.  I hope
you don't literally mean two machines.  It might help if you
are more specific about what you are trying to accomplish.

-derek


>
> ----- Original Message -----
> From: "Derek Atkins" <warlord@MIT.EDU>
> To: "=B3=AF=A4=B9=B8t" <u85021@ice.ntnu.edu.tw>
> Cc: "openafs-devel" <openafs-devel@openafs.org>
> Sent: Wednesday, January 30, 2002 10:30 PM
> Subject: Re: [OpenAFS-devel] problem about authentication
>
>
> > You need to specify the kerberos realm for the user principal.  It is
> > assumed that you are logging into the default realm.  When you are not
> > (in the case of mobility) you need to specify the realm.  This is done
> > in klog via:
> >
> >         klog user_a1 -c A.afs
> >
> > -derek
> >
> > =B3=AF=A4=B9=B8t <u85021@ice.ntnu.edu.tw> writes:
> >
> > > Hi all:
> > > I have a problem about authentication. I have 2 machines A and B, their afs cell name are A.afs and B.afs respectively. Machine A has 2 users user_a1 and user_a2. Machine B has 2 users user_b1 and user_b2. Now user_a1 login Machine B, but when I issue "klog user_a1", it can't access authentication database in Machine A, however it access database in Machine B, so user_a1 can't get tokens. How can I solve this problem? In other words, how can I use user mobility in AFS(AFS says that it support full user mobility)?
> > > Thanks.
> > >
> >
> > --
> >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> >        Member, MIT Student Information Processing Board  (SIPB)
> >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> >        warlord@MIT.EDU                        PGP key available
> > _______________________________________________
> > OpenAFS-devel mailing list
> > OpenAFS-devel@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-devel

--
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
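
The following is an added example, not part of the original thread: a shell helper that reads `tokens` output in the format quoted above and reports which cells still need a `klog -c <cell>`. The function names and the cell `ghi.example` are hypothetical, and the sample input is constructed from the excerpt quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `tokens` output on stdin and
# prints each wanted cell (given as arguments) that has no unexpired token.
# Assumes the line format shown in the quoted Administration Guide excerpt.
cells_needing_klog() {
    awk -v wanted="$*" '
        /tokens for afs@/ {
            cell = $0
            sub(/^.*tokens for afs@/, "", cell)   # strip text before the cell name
            sub(/[ \t].*$/, "", cell)             # strip the bracketed status
            # Only a line with an expiry time counts; [>>Expired<<] does not.
            if ($0 ~ /\[Expires /) valid[cell] = 1
        }
        END {
            n = split(wanted, w, " ")
            for (i = 1; i <= n; i++)
                if (!(w[i] in valid)) print w[i]
        }'
}

# Constructed sample input, copied from the output quoted in the thread.
sample_tokens_output() {
    cat <<'EOF'
Tokens held by the Cache Manager:

User's (AFS ID 1000) tokens for afs@abc.com  [Expires Jun  2 10:00]
User's (AFS ID 4286) tokens for afs@stateu.edu  [Expires Jun  3 1:34]
User's (AFS ID 22) tokens for afs@def.com  [>>Expired<<]
    --End of list--
EOF
}

# Demo on the sample. On a real client, pipe the live command instead:
#   tokens | cells_needing_klog abc.com def.com
for cell in $(sample_tokens_output | cells_needing_klog abc.com def.com ghi.example); do
    echo "no valid token for $cell: run klog -c $cell"
done
```

An expired token and a missing token are reported the same way, since both leave the user unauthenticated in that cell.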