On 2/22/2012 10:30 AM, Jeff Blaine wrote: > The problem isn't "it's not finding afs/sub.my....@sub.my.org" > > The problem is: "it's not looking for a...@sub.my.org" > > It should do that. > > OpenAFS Quick Start Guide: > ... > Begin by creating the following two entires in your site's Kerberos > database: > ... > > The entry for AFS server processes, called either afs or afs/cell. > ...
afs@REALM can only safely be used when the client knows 100% for sure that the "afs" service principal is associated with the cell that is being accessed. aklog will only search for afs@ in the realm that is guessed as being associated with the DNS name of one of the VLDB servers for the realm selected at random. This is why we strongly recommend that the afs/cell@REALM form of service tickets be used in all cases. afs/cell can be used with Kerberos referrals and when dns realm hierarchies must be searched. Jeffrey Altman
signature.asc
Description: OpenPGP digital signature
