[OpenAFS] Re: Principal afs@A.COM vs. afs/a.com@A.COM ?
Andrew Deason
adeason@sinenomine.net
Tue, 31 Jan 2012 11:07:27 -0600
On Tue, 31 Jan 2012 12:55:57 +0100
Alexander Lazarević <alexander@lazarevic.de> wrote:
> The principal I used until now was afs@MYDOMAIN.COM . Do I need to
> create a new principal afs/mydomain.com@MYDOMAIN.COM and make afs use
> this one, to make the above work with just using aklog? Should I
> change user principals as well?
afs/mydomain.com@MYDOMAIN.COM is the recommended way for many reasons,
but afs@MYDOMAIN.COM is also supposed to work. It should work if you add
the proper domain_realm mappings on your client krb5.conf; for you I
assume something like:
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
--
Andrew Deason
adeason@sinenomine.net