[OpenAFS] OpenAFS+KerberosV permission problem
Richard Wallace
rwallace@a--i--m.com
Thu, 29 May 2003 11:07:29 -0700 (MST)
>>Um, afs/cell@REALM works just fine.. I've got a krb5 ticket for
>>afs/sipb.mit.edu@ATHENA.MIT.EDU using principal warlord@ATHENA.MIT.EDU
>>and I've got a valid token for "user warlord in cellsipb.mit.edu".
>>
>>So the fact that cell != REALM shouldn't matter.
>
> I can assure you that without doing some extra configuration, it
> definately DOES matter. I know that y'all at MIT have been doing this
> for years, and it definately does work, but I've seen this cause lots
> of problems for people who didn't understand all of the implications.
> If you have a simple configuration (one realm and one cell), it is
> definately better for the Kerberos/AFS novice to make the cell and the
> realm name the same.
>
Well, that description definitely describes me. I'll go ahead and
reinstall openafs and make the cell name the same as the realm. I'll let
you all know how it goes.
Thanks for the help.
Rich
> --Ken
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>