[OpenAFS] Re: Kerberos 5, AFS, and no krb524d
Dr A V Le Blanc
Dr A V Le Blanc <LeBlanc@mcc.ac.uk>
Tue, 10 Jun 2003 11:16:22 +0100
On 09 Jun 2003 at 23:48:46 -0400, Nicholas Henke <henken@seas.upenn.edu> wrote:
> There will definitely be a web page put up to describe krb5 +
> openafs + cell name != realm.
I was tempted to say this the last time the question arose of
'unexpected' cell names, so I'll say it now, even if it's not
quite in line with this long-standing problem.
Some of us have had no choice in having a cell name that
does not correspond to our DNS name. In our case it was because
we have three (or now more) different DNS domains in a single
institution, so in any case some machines would not fit into
the 'recommended' pattern. Moreover, at the time we set up
our cell, we were told that the DNS registration was going to
have to change, so we named our cell after the new domain we
expected the majority of our machines to have. Eventually
it was decided not to do this, and we were stuck.
The consequences of having DNS and realm and cell names different
from each other need to be spelled out somewhere, and the
means of solving the resulting problems documented.
-- Owen
LeBlanc@mcc.ac.uk