[OpenAFS] Re: what is aklog's algorithm for "deducing" what cell to
authenticate to?
Adam Megacz
megacz@cs.berkeley.edu
Wed, 28 Dec 2005 10:35:16 -0800
Modifying all those krb5.conf's is not an option (clueless users can't
be expected to do this), so I have no other choice. Fortunately many
libkrb5's _do_ know about RFC2052.
BTW, I think understanding and valuing this sort of scenario -- where
the AFS admin does not control the client machines and users are
unsophisticated -- is an important hurdle that the OpenAFS community
still needs to get over. Afsdb/dynroot were a big step in this
direction, though!
- a
Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
>> perform kerberos server discovery (RFC2052) on server.bar.com
>> -> usually something.bar.com (depends on DNS entries)
>
> Be careful ... aklog doesn't know anything about RFC2052; it just calls
> a Kerberos library function. What that does depends on your Kerberos
> implementation.
>
> --Ken
--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380