FWIW, this is easy (easier?) if you set up an "empty" realm with no users and an MIT KDC just for the AFS cell, and establish cross-realm trust between the two KDCs.
I'm doing this at the moment against two AD realms on campus (one Win2k0, one Win2k3) and it works quite well. It also minimizes the number of things I have to ask the AD admins to do for me, which is wonderful because we seem to speak completely different languages (Microsoft has invented their own names for all the important Kerberos concepts). - a _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info