[OpenAFS] Kerberos Authentication with OpenAFS.

Douglas E. Engert deengert@anl.gov
Mon, 13 May 2002 12:27:31 -0500 

Derek Atkins wrote:

> 
> We should seriously standardize on afs/cell@REALM, whether or not
> the cell == REALM.

This also lets you have multiple cells in a realm, as well as the AFS cell
accepting authentication from multiple realms. 

This was part of the argument for treating AFS as an application, separate
from how the authentication is done. 

(The gssklog is using gssklog/server@realm where server is the hostname of
the AFS database server running the gssklogd.) 
 
> 
> -derek
> 
> Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
> 
> > >You will need:
> > >        afs/<cell>@REALM in kerberos, with a des-cbc-crc key only
> >
> > This brings up something I've been meaning to talk about.
> >
> > The migration kit's documentation says normally you should use afs@REALM,
> > because if you're migrating over from V4, that's the name of the principal
> > you're using.  It only suggests using afs/<cell>@REALM if your cell name
> > doesn't match your realm.
> >
> > The problem with using afs/<cell>@REALM is that the stock aklog I have
> > in the migration kit doesn't try it.  I guess the one you guys are shipping
> > has been patched.  I'm just wondering if we should think about standardizing
> > on the principal name, because there seems to be some variance out there.
> >
> > --Ken
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444