Rick,
I've recently gotten cross realm authentication to work in a test
environment. A long while back, I put together a Decorum presentation
on the topic. The slides and notes are in:
/afs/grand.central.org/pub/afs-contrib/doc/kerberos/
The slides talk about a "crosslog" utility. Well, I never quite
finished putting that program together, so the interface isn't as nice
as the one described in the slides. But the current version is able
to get cross-realm tickets using either the ticket-granting ticket
stored by login.krb or a user-supplied password.
I wrote "crosslog" to demonstrate that the cross-realm feature can be
used without needing the MIT Kerberos libraries. Crosslog is modeled
after "cklog" and "aklog", but can be compiled against the standard
AFS libraries that are shipped with the product. More tweaks are
needed before I'll consider the program a finished demo.
Specifically, it needs to store the PTS id with the token so that the
"tokens" command will show the "AFS ID" string.
I should point out that none of this is supported by Transarc. The
slides and sample programs are provided for informational purposes
only.
Joe Jackson,
AFS Product Engineer,
Transarc Corp.
