[OpenAFS] OpenAFS authenticating against multiple Kerberos servers simultaneously

Dan Scott danieljamesscott@gmail.com
Wed, 21 Sep 2011 18:08:08 -0400


I have to perform a fairly major upgrade on my Kerberos servers which
authenticate our OpenAFS cell, which means running with 2 different
Kerberos servers, at least for a short while.

I'd like to create a keytab on the new server and add it to the
KeyFile of our existing servers. Then when a user tries to access AFS,
they can be authenticated against whichever Kerberos server they like.
The problem is that both servers are authoritative for the same realm,
so I don't think there's any way for OpenAFS to know which server the
user's Kerberos ticket was obtained from.

Please can you tell me if it's possible? And if so, how?


Dan Scott