Before I start, let me preface this with the comment that I don't really want to do this. It's a big mess being caused by ActiveDirectory and how people want to implement it, including what domain name to use/etc. It's a combination of microsoft implementation inflexibility and local politics. First, I remember reading something about changing the realm name at one point. How much trouble would it be to implement this? Is there any way to do it other than by setting everyones password again? As well as the host principal's keys? Related to AFS, is there any way to have the kerberos realm be different than your afs cell name? I remember seeing something in aklog about this, but I wasn't really sure how it functioned. Additionally, if I do this, what happens with the server keys/etc. I suppose I could create a new afs service key and store it in KeyFile even though it has a completely different salt/realm than the previous one. Has anyone done anything like this? The other possibility is changing the cell, but that seemed as painful as updating all the user keys. -- Nathan ------------------------------------------------------------ Nathan Neulinger EMail: [EMAIL PROTECTED] University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216
changing realm name/alternate realm name, in particular with AFS
Neulinger, Nathan R. Fri, 5 May 2000 19:09:05 +0200 (MET DST)
- Re: changing realm name/alternate realm name, in part... Neulinger, Nathan R.
- Re: changing realm name/alternate realm name, in... Ken Hornstein
- Re: changing realm name/alternate realm name, in... Douglas E. Engert
- Re: changing realm name/alternate realm name, in... Von Welch
- RE: changing realm name/alternate realm name, in... Neulinger, Nathan R.
- Re: changing realm name/alternate realm name... 'Von Welch'
