[OpenAFS] Cross Realm Kerberos+AFS

Derek Harkness dharknes@umd.umich.edu
Tue, 18 May 2004 15:24:22 -0400


--Apple-Mail-2--773119444
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed

Here's what I'm trying to do, could someone please tell me if it's even 
possible?

I have two kerberos realms BAR.COM and FOO.BAR.COM and I've established 
a kerberos trust between them.  All of my users exist in BAR.COM but 
allow them to access my AFS cell foo.bar.com.  Currently whenever I try 
to get an AFS tokens aklog reports aklog: KDC policy rejects request 
while getting AFS tickets.

So what am I doing wrong here?

Thanks!
Derek

"I do not believe that the same God who has endowed us with sense, 
reason, and intellect has intended us to forgo their use"
-- Galileo Galilei

--Apple-Mail-2--773119444
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFAqmLnAvEoEtP3J74RAv9BAJ9LDfE3iX9sk49n2I71Pb4COG2w/ACeIqHY
YhQWVGf2W0LiZvMi3dtqeP0=
=uI8B
-----END PGP SIGNATURE-----

--Apple-Mail-2--773119444--