[OpenAFS] OpenAFS authenticating against multiple Kerberos servers simultaneously
Wed, 21 Sep 2011 18:08:08 -0400
I have to perform a fairly major upgrade on my Kerberos servers which
authenticate our Openafs cell, which means running with 2 different
kerberos servers, at least for a short while.
I'd like to create a keytab on the new server and add it to the
KeyFile of our existing servers. Then when a user tries to access AFS,
they can be authenticated against whichever Kerberos server they like.
The problem is that both servers are authoritative for the same realm,
so I don't think there's any way for OpenAFS to know which server the
user's Kerberos ticket was obtained from.
Please can you tell me if it's possible? And if so, how?