Lesse....
What's involved, I think, is:
-the admins of both cells agree on a a shared key for the shared krbtgt
between cells. Bear in mind that it must be a key, since a password
string will be encrypted to form different keys in each cell.
-both sides create a Kerberos principal
[EMAIL PROTECTED], with the same key and kvno.
Actually, using the AFS kaserver, I don't think the kvno mtaching is
important. It only matters if one side or the other is running an MIT
Kerberos server.
-if you wish users from the other cell to be able to be authentic users
in yours, create the pts group system:[EMAIL PROTECTED]
-get MIT's aklog or CMU's cklog to register and cross-authenticate your
users. I prefer aklog, your preference is your own.
Notes: for creating the actual shared key, you may wish to use
the getrandomkey operation in kas... or maybe come up with something on
your own.
You should be able to use kas setkey to set the key
I think that covers it, however, someone with more experience may have
more to add.
Derrick
