[OpenAFS] Integrated Windows Logon

Hugo Monteiro hugo.monteiro@fct.unl.pt
Fri, 06 May 2011 21:46:59 +0100 

On 05/06/2011 08:50 PM, Jeffrey Altman wrote:
> On 5/6/2011 2:41 PM, Hugo Monteiro wrote:
>> I should also mention that i have set the following keys
>>
>>
>> [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms]
>>
>> [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT]
>>
>> [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT\fct.unl.pt]
>> "MethodName"="Kerberos5"
>> "Realm"="FCT.UNL.PT"
>>
>> [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT\staff.fct.unl.pt]
>>
>> "MethodName"="Kerberos5"
>> "Realm"="FCT.UNL.PT"
>>
>>
>> That said, i would expect that only realm FCT.UNL.PT (and it's
>> principals) would be queried.
>>
>>
> These registry keys are not used by the Network Provider.  Someone can
> submit a patch to change that but at present those keys are only used
> for the OpenAFS Network Identity Manager credential provider.
>
> The realm for the AFS cell will be determined by the standard
> algorithmic method of looking up the server names for the vldb servers
> either from CellServDB or via DNS and then performing a domain to realm
> translation either locally using the krb5.conf [domain_realm] rules or
> using Kerberos referrals if the KDC supports that.
>
> Jeffrey Altman
>


Hi Jeffrey,

i'm using DNS to publish AFSDB records and it's able to find the AFS 
servers. But apparently domain translation isn't happening.

My /etc/krb5.conf file, at the vldb servers, contains

[domain_realm]
         .fct.unl.pt = FCT.UNL.PT

So i assume it should use the same domain for both cells.

I'm sorry if all this seems rather obvious, but the fact is that i don't 
know which road to take.

Best Regards,

Hugo Monteiro.

-- 
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                apoio@fct.unl.pt

fct.unl.pt:~# _