[OpenAFS] AFS-Tokens in cross realm szenario problem

Ken Hornstein kenh@cmf.nrl.navy.mil
Tue, 16 Aug 2005 16:14:51 -0400

>we are currently using 1.3.86 on two X86_64 based database server nodes, 
>providing an AFS cell named  cg.fzk.de. We have a ADS KDC for CG.FZK.DE with 
>some users inside.

Dumb question time: what's an "ADS KDC" ?  If it's an Active Directory
server, I could see this causing problems (e.g., the PAC might cause the
ticket to be too big, depending on a bunch of issues).

>also aklog happily provides me with a wrong token but throughs an error:
>aklog: Unknown error 267272 so unable to create remote PTS user 
>schwicke@ka.fzk.de in cell cg.fzk.de (status: 267272).

% translate_et 267272
267272 (pt).8 = Badly formed name (group prefix doesn't match owner?)

I am wondering if you never created a cross-realm PTS entry.