[OpenAFS] asetkey: failed to set key, code 70354694
Ken Hornstein
kenh@cmf.nrl.navy.mil
Mon, 09 Apr 2007 14:34:45 -0400
>That is assuming you don't have more than X Kerberos realms that you
>want to use for an afs service principal. And if you want to change the
>afs service principal in all trusted realms, you could end up needing 2X
>"slots" in the KeyFile.
I think you've got it backwards. You can only use one Kerberos realm
per AFS cell (well, I guess maybe you could use two ... I don't know
if you can simultaneously have a realm with the same name as your
cell and the single "alternate" you are allowed). Maybe you're thinking
of multiple AFS cells served out of one Kerberos realm ... but that's
one entry per keyfile.
>Is there a specific reason for the limit? It seems arbitrary to me.
It was probably pulled out of someone's ass a million years ago ... like
every other arbitrary limit in AFS :-)
--Ken