[OpenAFS] cross-realm auth and windows gui
Dave Botsch
botsch@cnf.cornell.edu
Fri, 3 Nov 2006 10:25:09 -0500
I've been looking into doing cross-realm auth with afs. For the most part, it looks like this is pretty darn easy...
setup the system:authuser@foreignrealm group
kinit in the foreign realm, run aklog/afslog -- this creates the pts entry
add any afs acls
This leaves Windows... I see that Windows does come w. an aklog.exe... so, presumably, I could write a script to do the kinit/aklog.exe...
what about the afscreds.exe gui in 1.4.2? Is there a way to tell it that the kerberos tickets are in realm A but it needs to get an afs service ticket in realm B?
Thanks!
--
********************************
David William Botsch
Programmer/Analyst
CNF Computing
botsch@cnf.cornell.edu
********************************