[OpenAFS] Poll: how many organizations are performing principal name mappings via krb524d, gssklogd, etc?

Derrick J Brashear shadow@dementia.org
Wed, 22 Sep 2004 14:13:23 -0400 (EDT)

On Wed, 22 Sep 2004, Ken Hornstein wrote:

>> For example, yesterday it we determined that Kerberos 5 principals
>> within the realm NCSA.EDU are mapped via krb524d to Kerberos 4
>> principals within the realm NCSA.UIUC.EDU in order for AFS to
>> recognize the local user since the cell name is ncsa.uiuc.edu.
>>   u@NCSA.EDU (k5) -> u@NCSA.UIUC.EDU (k4) -> u@ncsa.uiuc.edu (afs)
> Let me provide a bit of history on this.
> This code was part of the AFS-Kerberos 5 Migration kit from many years back.
> I believe it was written by Von Welch at NCSA, who adapted it from some other
> code from Doug Engert (I guess I could look at the CVS history, but I don't
> think it's that important).  Von wrote it so NCSA could have a AFS cell that
> didn't match their Kerberos realm.
> Now, as people will point out, this complicated mess really wasn't
> necessary.  If you put a krb.conf file (if you can figure out the
> format, which I always forget) in the right location on AFS server, it


is a fine format.