Re: [OpenAFS] Integrated Windows Logon

Fri, 06 May 2011 13:48:07 -0700 

On 05/06/2011 08:50 PM, Jeffrey Altman wrote:

On 5/6/2011 2:41 PM, Hugo Monteiro wrote:

I should also mention that i have set the following keys


[HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms]

[HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT]

[HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT\fct.unl.pt]
"MethodName"="Kerberos5"
"Realm"="FCT.UNL.PT"

[HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT\staff.fct.unl.pt]

"MethodName"="Kerberos5"
"Realm"="FCT.UNL.PT"


That said, i would expect that only realm FCT.UNL.PT (and it's
principals) would be queried.



These registry keys are not used by the Network Provider.  Someone can
submit a patch to change that but at present those keys are only used
for the OpenAFS Network Identity Manager credential provider.

The realm for the AFS cell will be determined by the standard
algorithmic method of looking up the server names for the vldb servers
either from CellServDB or via DNS and then performing a domain to realm
translation either locally using the krb5.conf [domain_realm] rules or
using Kerberos referrals if the KDC supports that.

Jeffrey Altman




Hi Jeffrey,
i'm using DNS to publish AFSDB records and it's able to find the AFS servers. But apparently domain translation isn't happening. 

My /etc/krb5.conf file, at the vldb servers, contains

[domain_realm]
        .fct.unl.pt = FCT.UNL.PT

So i assume it should use the same domain for both cells.
I'm sorry if all this seems rather obvious, but the fact is that i don't know which road to take. 

Best Regards,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email    : hugo.monte...@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
                   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                ap...@fct.unl.pt

fct.unl.pt:~# _

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Reply via email to