Fwd: [OpenAFS] Manually Creating Cross Realm Users

Jayen Ashar jayen@science.unsw.edu.au
Sun, 17 Jun 2012 14:41:01 +1000


Yes, that would be great.  I looked around for how to contribute small
things like this to OpenAFS and all I could find were a couple of wiki
pages[1,2], but neither of them mention documentation like this.

Thanks,
Jayen

[1] http://wiki.openafs.org/AFSLore/afslore/tinysimpletasks/
[2] http://wiki.openafs.org/AFSLore/contrib/

On Sat, Jun 16, 2012 at 11:16 PM, Jason Edgecombe
<jason@rampaginggeek.com> wrote:
> Yes, something can be added. Anyone is welcome to update the manuals and
> admin guide and may do so. Would you like someone to walk you through the
> process of updating the manual?
>
> Jason
>
>
> On 06/16/2012 05:17 AM, Jayen Ashar wrote:
>>
>> Yes, I found that after reading Simon's email. =A0Just reading the man
>> page, though, it wouldn't have been clear to me that this is what I
>> wanted. Could a line be added to the man page similar to what Simon
>> said?
>>
>> "When multiple Kerberos5 realms authenticate to the same AFS cell, all
>> local and foreign realms in krb.conf are equivalent, so sxw@LOCAL and
>> sxw@FOREIGN would both map to the pts user sxw."
>>
>> Could something also be added to
>> http://docs.openafs.org/AdminGuide/ch02s03.html#HDRWQ40 (Granting and
>> Denying Foreign Users Access to Your Cell)?
>>
>> Thanks,
>> Jayen
>>
>> P.S. =A0Apologies if this is a duplicate. =A0I have reason to believe th=
e
>> university's mail server dropped my previous reply.
>>
>> On Thu, 14 Jun 2012, Jason Edgecombe wrote:
>>
>>> I don't think so. It's documented in the krb.conf man page, though.
>>>
>>> On 06/14/2012 07:16 AM, Jayen Ashar wrote:
>>>>
>>>> Yes, that works wonderfully! =A0Thanks for that. =A0Is this mentioned =
in
>>>> the Admin Guide somewhere? =A0I couldn't find it.
>>>>
>>>> Thanks,
>>>> Jayen
>>>>
>>>> On Thu, Jun 14, 2012 at 9:04 PM, Simon Wilkinson
>>>> <simonxwilkinson@gmail.com> wrote:
>>>>>
>>>>> On 14 Jun 2012, at 11:45, Jayen Ashar <jayen@science.unsw.edu.au>
>>>>> wrote:
>>>>>
>>>>>> Is there any chance this has changed in the last 9 years?
>>>>>
>>>>> The details of how cross-realm users are created hasn't changed,
>>>>>
>>>>> However, I don't think this is applicable to your situation. What you
>>>>> should do is list both your local and foreign realms in =A0 =A0krb.co=
nf. This
>>>>> tells AFS that the two realms are equivalent, so sxw@LOCAL =A0and sxw=
@FOREIGN
>>>>> would both map to the pts user sxw.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon