[OpenAFS] When Using Kerberos5 is klog necessary?
David Botsch
dwb7@ccmr.cornell.edu
Wed, 31 Dec 2003 00:43:10 -0500
Cross-realmness would be nice. There's a lot of non-technical reasons why we
can't go there.
On Wed, Dec 31, 2003 at 12:38:05AM -0500, Ken Hornstein wrote:
> >I should add that here we have the additional complication of two kerberos
> >realms. There is our realm/cell, and there is the realm used by the central
> >computing on campus, here (and, of course, any used by any other departments).
> >
> >So, on our systems, if you want tokens/tickets in our cell, you klog. If you
> >want tickets in the central realm, you kinit.
> >
> >So, switching to kinit for getting tokens/tickets causes other problems (in
> >addition to the simple (heh) retraining of users problem).
>
> That sounds like a problem screaming for krb5 cross-realm (even
> though that has other issues, but I think those are overcomable).
>
> Documentation on that (the OpenAFS part) is in the migration kit. We have
> a number of people in that situation; seems to work reasonably well.
>
> --Ken
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************