[OpenAFS] what is aklog's algorithm for "deducing" what cell to authenticate to?

Ken Hornstein kenh@cmf.nrl.navy.mil
Wed, 28 Dec 2005 10:19:29 -0500

>aklog came from athena, where cells were all in the ATHENA.MIT.EDU realm. 
>It's using the krb5 "realm of host" function on,probably, the server.

Actually ... I believe the code that does the mapping from the cell to
the realm was introduced in the first round of k5-ification of aklog,
but I'm not really sure.

>Make your krb5.conf say your server is in the MEGACZ.COM realm.
>Be happy.

To explain the algorithm a bit more ... what aklog does is get a list of
the database servers for the specified cell, and chooses the first one.
It then calls krb5_get_host_realm() on this, and uses the Kerberos realm
that it thinks this host is in.  The server it is choosing is displayed
when you use -d (I guess in your case it's fleet.cs.berkeley.edu).  Like
Derrick said, if you change your krb5.conf to put that in the correct
realm, everything should work.