[OpenAFS] Cross Realm Kerberos+AFS
Derek Atkins
warlord@MIT.EDU
Tue, 18 May 2004 15:39:04 -0400
Huh? Since when do you need a capaths to accept directly-shared cross
realm keys?
-derek
Jeffrey Altman <jaltman@columbia.edu> writes:
> If you are using an MIT KDC then you need to add a [capaths] section to your KDC's
> krb5.conf and restart the KDC.
>
> The cross-realm trust path is not being accepted by the KDC.
>
> Jeffrey Altman
>
> Derek Harkness wrote:
>
> Here's what I'm trying to do; could someone please tell me if it's even
> possible?
>
> I have two Kerberos realms, BAR.COM and FOO.BAR.COM, and I've established a
> Kerberos trust between them. All of my users exist in BAR.COM, but I want to
> allow them to access my AFS cell foo.bar.com. Currently, whenever I try to get
> AFS tokens, aklog reports "aklog: KDC policy rejects request while getting AFS
> tickets".
>
> So what am I doing wrong here?
>
> Thanks!
> Derek
>
> "I do not believe that the same God who has endowed us with sense, reason, and
> intellect has intended us to forgo their use"
> -- Galileo Galilei
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available