[OpenAFS] Poll: how many organizations are performing principal
name mappings via krb524d, gssklogd, etc?
Derrick J Brashear
shadow@dementia.org
Wed, 22 Sep 2004 14:13:23 -0400 (EDT)
On Wed, 22 Sep 2004, Ken Hornstein wrote:
>> For example, yesterday it we determined that Kerberos 5 principals
>> within the realm NCSA.EDU are mapped via krb524d to Kerberos 4
>> principals within the realm NCSA.UIUC.EDU in order for AFS to
>> recognize the local user since the cell name is ncsa.uiuc.edu.
>>
>> u@NCSA.EDU (k5) -> u@NCSA.UIUC.EDU (k4) -> u@ncsa.uiuc.edu (afs)
>
> Let me provide a bit of history on this.
>
> This code was part of the AFS-Kerberos 5 Migration kit from many years back.
> I believe it was written by Von Welch at NCSA, who adapted it from some other
> code from Doug Engert (I guess I could look at the CVS history, but I don't
> think it's that important). Von wrote it so NCSA could have a AFS cell that
> didn't match their Kerberos realm.
>
> Now, as people will point out, this complicated mess really wasn't
> necessary. If you put a krb.conf file (if you can figure out the
> format, which I always forget) in the right location on AFS server, it
NCSA.EDU
is a fine format.