[OpenAFS] Re: OS X Lion: multiple Kerberos realms ?
Wed, 18 Jul 2012 12:50:15 -0500
On Wed, 18 Jul 2012 13:25:11 -0400
"Gabriel L. Somlo" <email@example.com> wrote:
> I guess the currently available solution is to either
> 1. work a political miracle and get a Unix kerberos
> service principal for Samba, then use just the Unix
If I'm understanding your scenario right, I think you are missing two
3. Create an AFS service principal in the AD realm.
4. Create a cross-realm trust between the two realms. The AFS service
principal lives in the Unix realm, and the users get tickets for AD.
Both of these let you authenticate to AFS while having tickets only for