[OpenAFS] Kerberos 5, AFS, and no krb524d
Rodney M Dyer
rmdyer@uncc.edu
Tue, 10 Jun 2003 12:16:26 -0400
At 04:02 PM 6/9/2003 -0400, Derrick J Brashear wrote:
>On Mon, 9 Jun 2003, Rodney M Dyer wrote:
> > So if I've setup my AD domain to trust a MIT Kerberos realms TGT, then I
> > could just request my AFS service principle ticket from my AD server right?
>
>Define "trust". Same realm or different?
Ah, caught me. In my case they would be different.
DNS Domain: uncc.edu
AFS Cell: UNCC.EDU
Kerberos Realm: UNCC.EDU
AD Domain: mosaic.uncc.edu
We have our AD domain in a one-way trust with the Kerberos realm. So by
your response, I couldn't create an AFS service principle on the AD domain
such as...
AD account "afs" which resolves to "afs@mosaic.uncc.edu", to which we would
then add a kerberos name mapping of "afs@UNCC.EDU" and maybe
"afs/UNCC.EDU@UNCC.EDU".
My thinking is...I need to get really deep on this one.
Is this the longest running thread in the OpenAFS openafs-info mailing list
history?
Rodney