[OpenAFS] Re: Active Directory Kerberos ticket allowing to access OpenAFS
cell?
Andrew Deason
adeason@sinenomine.net
Wed, 2 Nov 2011 11:51:40 -0500
On Wed, 2 Nov 2011 17:17:20 +0100
stasheck <stasheck.fora@gmail.com> wrote:
> What I know, what I need:
[...]
> - I can form mutual trust relationship between MIT and AD (did that to
> test some previous ideas)
This isn't strictly necessary, though it may be the easier way to go,
depending on your relationship with AD. You can set up the MIT and AD
realms as just completely separate realms that both have access to AFS.
Just set up each one as if it were the only realm, add the afs service
principal for each realm to the afs KeyFile, and put both realms in
/usr/afs/etc/krb.conf.
--
Andrew Deason
adeason@sinenomine.net