[OpenAFS] Using cross-realm tickets for AFS

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 19 Nov 2010 10:36:41 -0500


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig372D096DC7DF1233116590C8
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 11/19/2010 10:14 AM, Booker Bense wrote:
> On Fri, 19 Nov 2010, Jeffrey Altman wrote:
>=20
>> On 11/19/2010 9:54 AM, Booker Bense wrote:
>>>
>>> Well, SLAC has finally entered the 21st century and we
>>> now have cross-realm authn working between our unix and
>>> AD servers. Is there any way to map multiple K5 principals,
>>> to a single AFS userid?
>>
>> http://docs.openafs.org/Reference/5/krb.conf.html
>>
>=20
> Does that require an AFS principal in the AD realm?
>=20
> I knew it was in there somewhere, but my google-fu
> was weak.

Not if you are using cross-realm.




--------------enig372D096DC7DF1233116590C8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJM5pmKAAoJENxm1CNJffh457MIANJqel++LiQ+Fnj8a68RK5ND
L+6ldJmC2KEHwDF3vmPX0eMRV6C44+SgUGQJBKDfIO82WkOEKEEvMGNXpxiB2StE
Z8/hNWBw8QePJ0YSrsTYmebx78mmvS3fDdLxeyTycylzALt0VJpXxL5/e2FGbLA6
PB/6kmElVt5Pj4nJspSUsHlxVS0ZBeypmOzDU27F/FCTvPvWPejIdcUOhHbZg6q2
+uKCJIbUC4e6hgc66kEDx4YrbversAuIk2RuuPcAWwR1/3vly5jyIWMGNcFLUN9L
FBgZOZdUhe3TR3M+M9l946a3koyAZGxP4Z2QoS5EcOJPpk2eqUy52XvKloqU/hg=
=0zS9
-----END PGP SIGNATURE-----

--------------enig372D096DC7DF1233116590C8--