[OpenAFS] Poll: how many organizations are performing principal name mappings via krb524d, gssklogd, etc?

Douglas E. Engert deengert@anl.gov
Wed, 22 Sep 2004 10:34:21 -0500


Derrick J Brashear wrote:

> On Wed, 22 Sep 2004, Jeffrey Altman wrote:
> 
>> Folks, I would like to try to get some idea of just how many
>> organizations are using a translation service to map a Kerberos 5
>> ticket from one realm to a Kerberos 4 ticket in another realm
>> for the purposes of providing access to a local cell.
> 
> 
> Duh. One I forgot. Get the celladmins to put a /usr/afs/etc/krb.conf 
> down with the name of the realm in it.
> e.g.
> NCSA.EDU
> 
> This only works if you have only one additional mapping.

Could this be extended to support multiple realms?
There may be site where the user portion of the
principal from multiple realms map to the same AFS user.

i.e. x@realm1 and x@realm2 both map to x@cell.



> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444