[OpenAFS] Re: what is aklog's algorithm for "deducing" what cell to
authenticate to?
Adam Megacz
megacz@cs.berkeley.edu
Tue, 27 Dec 2005 20:20:10 -0800
Derrick J Brashear <shadow@dementia.org> writes:
> realm. It's using the krb5 "realm of host" function on,probably, the
> server.
For the [mailing list] record, it appears that aklog does this in the
absence of anything in krb5.conf overriding its behavior:
aklog -c foo.com
resolve AFSDB record for domain foo.com
-> result is server.bar.com
perform kerberos server discovery (RFC2052) on server.bar.com
-> usually something.bar.com (depends on DNS entries)
In my case, this was fixed by making the AFSDB record for my cell's
domain point at a hostname ending with the cell name (fake.foo.com),
which had an "A" record that could point wherever I wanted (same IP as
server.bar.com).
- a
--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380