[OpenAFS] cross-realm auth and windows gui

Dave Botsch botsch@cnf.cornell.edu
Fri, 3 Nov 2006 10:25:09 -0500

I've been looking into doing cross-realm auth with afs. For the most part, it looks like this is pretty darn easy...

setup the system:authuser@foreignrealm group
kinit in the foreign realm, run aklog/afslog -- this creates the pts entry
add any afs acls

This leaves Windows... I see that Windows does come w. an aklog.exe... so, presumably, I could write a script to do the kinit/aklog.exe...

what about the afscreds.exe gui in 1.4.2? Is there a way to tell it that the kerberos tickets are in realm A but it needs to get an afs service ticket in realm B?


David William Botsch
CNF Computing