[OpenAFS] what is aklog's algorithm for "deducing" what cell to authenticate to?
Wed, 28 Dec 2005 10:19:29 -0500
>aklog came from athena, where cells were all in the ATHENA.MIT.EDU realm.
>It's using the krb5 "realm of host" function on,probably, the server.
Actually ... I believe the code that does the mapping from the cell to
the realm was introduced in the first round of k5-ification of aklog,
but I'm not really sure.
>Make your krb5.conf say your server is in the MEGACZ.COM realm.
To explain the algorithm a bit more ... what aklog does is get a list of
the database servers for the specified cell, and chooses the first one.
It then calls krb5_get_host_realm() on this, and uses the Kerberos realm
that it thinks this host is in. The server it is choosing is displayed
when you use -d (I guess in your case it's fleet.cs.berkeley.edu). Like
Derrick said, if you change your krb5.conf to put that in the correct
realm, everything should work.