[OpenAFS] Re: Multiple Kerberos realm support

Brandon Allbery allbery.b@gmail.com
Thu, 10 May 2012 15:08:09 -0400


--f46d0447f3c62eed7204bfb3577a
Content-Type: text/plain; charset=UTF-8

On Thu, May 10, 2012 at 2:36 PM, Jeff White <jaw171@pitt.edu> wrote:

> **
> I found something else.  If I change /usr/afs/etc/krb.conf to include both
> realm names I can get it to give me a permission denied rather than hanging
> and generating thousands of errors:
>

I have to admit I've been wondering about that since you mentioned that you
had only the foreign domain listed in krb.conf; I'd always understood it to
need both, although that seems like a very unfortunate failure mode (which
I bet nobody'd ever tested previously).  Guess I should have spoken up then.

-- 
brandon s allbery                                      allbery.b@gmail.com
wandering unix systems administrator (available)     (412) 475-9364 vm/sms

--f46d0447f3c62eed7204bfb3577a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">On Thu, May 10, 2012 at 2:36 PM, Jeff White <span dir=3D"l=
tr">&lt;<a href=3D"mailto:jaw171@pitt.edu" target=3D"_blank">jaw171@pitt.ed=
u</a>&gt;</span> wrote:<br><div class=3D"gmail_quote"><blockquote class=3D"=
gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-=
left:1ex">
<u></u>

 =20
   =20
 =20
  <div bgcolor=3D"#ffffff" text=3D"#000000">
    I found something else.=C2=A0 If I change /usr/afs/etc/krb.conf to
    include both realm names I can get it to give me a permission denied
    rather than hanging and generating thousands of errors:</div></blockquo=
te><div><br></div><div>I have to admit I&#39;ve been wondering about that s=
ince you mentioned that you had only the foreign domain listed in krb.conf;=
 I&#39;d always understood it to need both, although that seems like a very=
 unfortunate failure mode (which I bet nobody&#39;d ever tested previously)=
. =C2=A0Guess I should have spoken up then.</div>
<div><br></div></div>-- <br>brandon s allbery =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a href=3D"mailto:allbery.b@gmail.com" targe=
t=3D"_blank">allbery.b@gmail.com</a><br>wandering unix systems administrato=
r (available) =C2=A0 =C2=A0 (412) 475-9364 vm/sms<br>
<br>
</div>

--f46d0447f3c62eed7204bfb3577a--