Jeffrey Hutzelman <[EMAIL PROTECTED]> writes: > Note that supporting separate service keys for each server is _very_ > complex; it not only requires the cache manager to discover the > correct service principals and maintain separate sets of tickets for > each server, but also for a variety of administrative tools to > handle using different tickets to talk to different servers, as when > you use 'vos' to perform an operation that requires both updating > the VLDB and performing volume operations on one or more servers.
I see. Does it somehow go beyond the usual kerberos algorithm of: concatenate "service/", the hostname to which packets are being sent, and "@REALM" to form the principal? I suppose if you only know the IP of the fileserver (not its hostname) that would be a big problem. Is that the reason why it's difficult to figure out what principal to use/expect? > So, don't go looking for this functionality any time soon. It's > harder than it looks, and not real high on most people's priority > lists. Okay. - a -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
