Yes, I found that after reading Simon's email. Just reading the man page, though, it wouldn't have been clear to me that this is what I wanted. Could a line be added to the man page similar to what Simon said?
"When multiple Kerberos5 realms authenticate to the same AFS cell, all local and foreign realms in krb.conf are equivalent, so sxw@LOCAL and sxw@FOREIGN would both map to the pts user sxw." Could something also be added to http://docs.openafs.org/AdminGuide/ch02s03.html#HDRWQ40 (Granting and Denying Foreign Users Access to Your Cell)? Thanks, Jayen P.S. Apologies if this is a duplicate. I have reason to believe the university's mail server dropped my previous reply. On Thu, 14 Jun 2012, Jason Edgecombe wrote: > I don't think so. It's documented in the krb.conf man page, though. > > On 06/14/2012 07:16 AM, Jayen Ashar wrote: >> >> Yes, that works wonderfully! Thanks for that. Is this mentioned in >> the Admin Guide somewhere? I couldn't find it. >> >> Thanks, >> Jayen >> >> On Thu, Jun 14, 2012 at 9:04 PM, Simon Wilkinson >> <simonxwilkin...@gmail.com> wrote: >>> >>> On 14 Jun 2012, at 11:45, Jayen Ashar <ja...@science.unsw.edu.au> wrote: >>> >>>> Is there any chance this has changed in the last 9 years? >>> >>> The details of how cross-realm users are created hasn't changed, >>> >>> However, I don't think this is applicable to your situation. What you >>> should do is list both your local and foreign realms in krb.conf. This >>> tells AFS that the two realms are equivalent, so sxw@LOCAL and sxw@FOREIGN >>> would both map to the pts user sxw. >>> >>> Cheers, >>> >>> Simon _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
