[OpenAFS] Cross Realm Kerberos+AFS
Derek Harkness
dharknes@umd.umich.edu
Tue, 18 May 2004 16:23:39 -0400
It only appears to be a problem with the cross realm it I do everything=20=
in the FOO.BAR.COM realm then it works great.
Derek
On May 18, 2004, at 4:10 PM, Jeffrey Altman wrote:
> Derek Atkins wrote:
>
> Jeffrey Altman <jaltman@columbia.edu> writes:
>
>
> Derek Atkins wrote:
>
>
> Huh? Since when do you need a capaths to accept directly-shared=20=
> cross
> realm keys?
>
> You shouldn't, but that is what the KDC Policy error usually means.
>
> Couldn't it also be an improper flag setting on the afs key? For
> example if it's not set to accept tgs requests couldn't it also
> throw this error?
>
> -derek
>
>
> It could be but then he should not be obtaining AFS tickets
> from either realm.=A0 It the problem is only the cross-realm
> then that cause would be ruled out.
>
> Let's see what the full aklog output looks like.=A0
>
>
>