[OpenAFS] Integrated Windows Logon

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 06 May 2011 15:50:27 -0400 

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigC0F3D4F6AEDE34B31DDC9A9E
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 5/6/2011 2:41 PM, Hugo Monteiro wrote:
>=20
> I should also mention that i have set the following keys
>=20
>=20
> [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms]
>=20
> [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT]
>=20
> [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT\fct.unl.p=
t]
> "MethodName"=3D"Kerberos5"
> "Realm"=3D"FCT.UNL.PT"
>=20
> [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT\staff.fct=
=2Eunl.pt]
>=20
> "MethodName"=3D"Kerberos5"
> "Realm"=3D"FCT.UNL.PT"
>=20
>=20
> That said, i would expect that only realm FCT.UNL.PT (and it's
> principals) would be queried.
>=20
>=20

These registry keys are not used by the Network Provider.  Someone can
submit a patch to change that but at present those keys are only used
for the OpenAFS Network Identity Manager credential provider.

The realm for the AFS cell will be determined by the standard
algorithmic method of looking up the server names for the vldb servers
either from CellServDB or via DNS and then performing a domain to realm
translation either locally using the krb5.conf [domain_realm] rules or
using Kerberos referrals if the KDC supports that.

Jeffrey Altman


--------------enigC0F3D4F6AEDE34B31DDC9A9E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJNxFEEAAoJENxm1CNJffh4kM8IANGVqvvfXFjwDZrGAMFbQxTw
QQUsZMrritpmJNwbhLFnhVJO6oX8uwC/7FkCRTfumE+N5YSCKt2WVkI9ZjGEtpaZ
tfSLYeX0pJKaH3sgx38M1gEhufSWrmTENbfWJZ9+1P8mni44vNbXjA4l2d4K89kl
A718jDjQ6HrqSN3XmbbvjBXXu/DBWiXx1gkeqiBBmlt70oBJoX+r6mzK5sSi/hwT
wPfZm3j6WXWpnXyGXNfOfxhiBw7csg/ovq6bUhWArV9Zih8nanfKahAbWdcAybmj
ub/nVkVyykyTe7ETBidgo5iCjLuJ8WgVbreqC6S84cqCTMMnGrPhCW3DgmDQ5tg=
=5tdv
-----END PGP SIGNATURE-----

--------------enigC0F3D4F6AEDE34B31DDC9A9E--