On Thu, 11 Mar 2010, Michael Tiernan wrote:

> Thanks for the response!

You are welcome.

> > It's like that movie: 'There can be only one' realm (and its backups)
> Ok, you get five geek points for sneaking a Highlander reference into
> the thread! :)

;-)

> > Cross-realm authentication is something to avoid with afs. There is no
> > point;
> I'm not 100% sure I get it. Sorry for being dense. :(

It's technically possible to use multiple realms. Don't try that. Stick
with just one Kerb. realm.

> Let me ask it this way. Is there a way to set up a system to be an AFS
> *client* and not a server?

Yes. Most systems are clients. The cell for which your machine is a client
is controlled by the /usr/vice/etc/ThisCell file. On Windows, there is a
GUI that lets you change cell membership.

> How is it that I can, after logging in, authenticate from inside one
> realm to, say UCSD, and AFS mount a user specific file space to my
> machine? (Under the 'assumption' that they make it available.)

I'm guessing you want something specific. Are the files you want to access
protected by access control? Or are they public? Send me a path, and
I'll see if they are public.

> I guess the other way of asking it is how do you let "normal" users
> in without authenticating to the local system but still be able to
> gain access to remote AFS volumes?

Login access can be independent of afs credentials. There are two
possibilities:

1. You make your system a client of their cell (recommended if you need to
   authenticate on their cell to access the files).

2. You set up your own cell and client, and access their public files
   over the internet. Recommended if you want to access your own files
   securely (well, DES at present; AES effort underway/done) over the
   internet.

There are instructions at openafs.org on setting up a cell.

E.g. from clients of my av8.net cell, I can see sipb.mit.edu public files:

    ls -l /afs/sipb.mit.edu/
    total 38
    drwxrwxrwx  2 root root  2048 Aug 27  2008 admin
    drwxrwxrwx  4 root root  2048 Oct  7 17:01 contrib
    drwxrwxrwx  7 root root  4096 Feb 11  2009 machine
    drwxrwxrwx  3 root root 12288 Feb 28 23:43 project
    drwxrwxrwx 16 root root  4096 Mar 11 02:26 service
    drwxrwxrwx  8 root root  2048 Apr 21  2005 system
    drwxrwxrwx  2 root root 12288 Mar  8 20:36 user

> (Yes, I'm reading as much as I can as fast as I can to try and figure
> it all out.)
>
> And thank you to everyone for allowing me to use up some of this bandwidth.
>
>

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 256 5494

_______________________________________________
bblisa mailing list
[email protected]
http://www.bblisa.org/mailman/listinfo/bblisa
