[OpenAFS] what is aklog's algorithm for "deducing" what cell to authenticate to?

Derrick J Brashear shadow@dementia.org
Tue, 27 Dec 2005 20:50:05 -0500 (EST)


On Tue, 27 Dec 2005, Adam Megacz wrote:

>
> [see end of message for additional details on why my cell works this way]
>
> This is weird.  When I execute "aklog -c megacz.com", aklog does not attempt
> to authenticate to the "obvious" k5 realm (MEGACZ.COM -- I have the
> DNS autodetection entries for that, and they work):
>
>  megacz@maxwell:~$aklog -d -c megacz.com
>
>  Authenticating to cell megacz.com (server fleet.cs.berkeley.edu).
>  We've deduced that we need to authenticate to realm CS.BERKELEY.EDU.
>  Getting tickets: afs/megacz.com@CS.BERKELEY.EDU

aklog came from athena, where cells were all in the ATHENA.MIT.EDU realm. 
It's using the krb5 "realm of host" function on,probably, the server.

Make your krb5.conf say your server is in the MEGACZ.COM realm.
Be happy.

Derrick