Fwd: [OpenAFS] Manually Creating Cross Realm Users

Jayen Ashar jayen@science.unsw.edu.au
Sat, 16 Jun 2012 19:17:26 +1000

Yes, I found that after reading Simon's email. =A0Just reading the man
page, though, it wouldn't have been clear to me that this is what I
wanted. Could a line be added to the man page similar to what Simon

"When multiple Kerberos5 realms authenticate to the same AFS cell, all
local and foreign realms in krb.conf are equivalent, so sxw@LOCAL and
sxw@FOREIGN would both map to the pts user sxw."

Could something also be added to
http://docs.openafs.org/AdminGuide/ch02s03.html#HDRWQ40 (Granting and
Denying Foreign Users Access to Your Cell)?


P.S.=A0 Apologies if this is a duplicate.=A0 I have reason to believe the
university's mail server dropped my previous reply.

On Thu, 14 Jun 2012, Jason Edgecombe wrote:

> I don't think so. It's documented in the krb.conf man page, though.
> On 06/14/2012 07:16 AM, Jayen Ashar wrote:
>> Yes, that works wonderfully! =A0Thanks for that. =A0Is this mentioned in
>> the Admin Guide somewhere? =A0I couldn't find it.
>> Thanks,
>> Jayen
>> On Thu, Jun 14, 2012 at 9:04 PM, Simon Wilkinson
>> <simonxwilkinson@gmail.com> wrote:
>>> On 14 Jun 2012, at 11:45, Jayen Ashar <jayen@science.unsw.edu.au> wrote=
>>>> Is there any chance this has changed in the last 9 years?
>>> The details of how cross-realm users are created hasn't changed,
>>> However, I don't think this is applicable to your situation. What you s=
hould do is list both your local and foreign realms in =A0 =A0krb.conf. Thi=
s tells AFS that the two realms are equivalent, so sxw@LOCAL =A0and sxw@FOR=
EIGN would both map to the pts user sxw.
>>> Cheers,
>>> Simon