[BBLISA] Am I missing the screamingly obvious? (AFS/Kerberos/LDAP)

Michael Tiernan michael.tiernan at gmail.com
Thu Mar 11 18:45:01 EST 2010


Thanks for the response!

On Thu, Mar 11, 2010 at 3:21 PM, Dean Anderson <dean at av8.com> wrote:
> Kerberos realm should be the same across all servers. Think of Kerberos
> realm as Windows domain (which after all, it actually is)
If you mean Microsoft, I have nothing to do with them so that
reference (thank you by the way) doesn't help. :)

> It's like that movie: 'There can be only one' realm (and its backups)
Ok, you get five geek points for sneaking a Highlander reference into
the thread! :)

> Cross-realm authentication is something to avoid with AFS. There is no point;
I'm not 100% sure I get it. Sorry for being dense. :(

Let me ask it this way. Is there a way to set up a system to be an AFS
*client* and not a server?

How is it that I can, after logging in, authenticate from inside one
realm to, say, UCSD, and AFS mount a user-specific file space to my
machine? (Under the 'assumption' that they make it available.)

I guess the other way of asking it is how do you let "normal" users
in without authenticating to the local system but still be able to
gain access to remote AFS volumes?

(Yes, I'm reading as much as I can as fast as I can to try and figure
it all out.)

And thank you to everyone for allowing me to use up some of this bandwidth.


