>What are all the problems, Ken? If you do a krb5.conf file on your >clients with a domain_realm section to map your DNS domain name to the >Kerberos realm name, doesn't that essentially address any issues? You'd _think_ that, wouldn't you? The reality - not all software honors that setup (for example, I don't think Win2K does), and updating all of those configuration files is a huge pain. Let's pretend that's not the issue. The _real_ issue comes up with AFS compatibility. You need to salt the password with the correct realm name ... and that ends up being tricky. Maybe part of this guy's problem was that his AFS cell name didn't match his Kerberos realm name, so perhaps I'm overstating the problem. But it _does_ make things harder; believe me, I'd try to avoid it if at all possible. --Ken
- Re: Question about using Kerberos with AFS Mitch Collinsworth
- Re: Question about using Kerberos with AFS Michael Pelletier
- Re: Question about using Kerberos with AFS Mitch Collinsworth
- Re: Question about using Kerberos with AFS Russ Allbery
- Re: Question about using Kerberos with AFS Harald Barth
- kaserver "little" bug [was: Q... Mitch Collinsworth
- Re: kaserver "little" bug ... Harald Barth
- Re: Question about using Kerberos with AFS Ken Hornstein
- Re: Question about using Kerberos with AFS Dr A V Le Blanc
- Re: Question about using Kerberos with A... Michael Pelletier
- Re: Question about using Kerberos wi... Ken Hornstein
- Re: Question about using Kerber... Mitch Collinsworth
- Re: Question about using Ke... Ken Hornstein
- Re: Question about using Ke... Michael Pelletier
- Re: Question about using Ke... Ken Hornstein
- Re: Question about using Ke... Nathan Neulinger
- Re: Question about using Ke... Ken Hornstein
- Re: Question about using Ke... Michael Pelletier
- Re: Question about using Ke... Ken Hornstein
- RE: Question about using Kerberos with AFS Neulinger, Nathan R.
