Jason D. McCormick <[EMAIL PROTECTED]> wrote: > In RT issue 58447 there's mention that the multi-realm Kerberos patch > would be put into the 1.4 production branch around what looks like > the release time of 1.4.5. However in looking at the patch and the > code in 1.4.7 I don't see any support for specifying multiple realms > in krb.conf. Am I missing something or was this not added? If it > wasn't added, was there a reason it wasn't added that would cause > problems if I started using the patch? I'm looking for a way to > authenticate users from a "foreign" realm. The two K5 realms have a > two-way trust but I don't want to have to create foreign-realm PTS > entries, I want [EMAIL PROTECTED] and [EMAIL PROTECTED] to get the > same PTS/token in the cell realm1.com.
I haven't had a problem (well, not a problem related to the patch anyway) using the patch with the UIUC.EDU, AD.UIUC.EDU and ILLIGAL.UIUC.EDU. That patch will do what you want and you should be able to apply it yourself and compile. Be aware of the security implications of trusting the realms in this manner though. Whomever can create principals in either realm can potentially gain access to your cell as a system:administrator. <<CDC _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
