I believe it is very important that the authenticated name be preserved for logging and because you never know when some administrator might screw up and issue [EMAIL PROTECTED] to [EMAIL PROTECTED] to different users when both the FOO.COM and BAR.COM realms are trusted by the foobar.com cell.
Actually they may want to do this, to map two different principals to the same authorization name. ~/.k5login is an example of this.
H:\>cat .k5login
[EMAIL PROTECTED]
[EMAIL PROTECTED]
cclausen/[EMAIL PROTECTED]
I think this is how I got confused about how the cross-realm trust worked in the first place, as I could logon to my AIX machine using my AD tickets without any problem.
Thanks for the explanations!
<<CDC
Christopher D. Clausen
_______________________________________________
OpenAFS-info mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-info
