[OpenAFS] OS X Lion: multiple Kerberos realms ?
Gabriel L. Somlo
gsomlo@gmail.com
Wed, 18 Jul 2012 12:06:24 -0400
Hi,
I have the same username in two different Kerberos realms. One realm
authenticates the OpenAFS cell I am trying to use. The other realm
authenticates a Samba server from which I'm also trying to map shares.
Without loss of generality, I could be attempting to use AFS home
directories in two separate cells backed by separate Kerberos realms,
in which I happen to have the same user name.
I managed to automatically acquire Kerberos tickets on login to Lion,
using this method:
  1. Start /System/Library/CoreServices/Directory Utility
  2. Pick the "Directory Editor" tab
  3. Under "users", find the appropriate user account
  4. Under "AuthenticationAuthority", add a line:
       ;Kerberosv5;;user@REALM1.EXAMPLE.COM;REALM1.EXAMPLE.COM
This gets me tickets for user@REALM1; but if I add two lines, one for
each of user@REALM1 and user@REALM2, I only get tickets for the first
listed realm, and not for the second one (both work if they're either
first or the only one listed).
Any OSX/Lion experts out there who know how to force acquisition of
Kerb tickets from more than one realm upon login?
Thanks,
--Gabriel