Christopher D. Clausen wrote:
H:\>cat .k5login [EMAIL PROTECTED] [EMAIL PROTECTED] cclausen/[EMAIL PROTECTED]
I think this is how I got confused about how the cross-realm trust worked in the first place, as I could logon to my AIX machine using my AD tickets without any problem.
Thanks for the explainations!
Right. The .k5login file provides a set of ACLs approving access to the authentication names specified to the account whose home directory contains the .k5login file. The .k5login does not provide a mapping of usernames.
Therefore, the ACLs for your AFS volume must also contain entries for the [EMAIL PROTECTED] name. As discussed earlier in the thread you added one last night:
Access list for \\afs\acm.uiuc.edu\user\cclausen is Normal rights: system:administrators rlidwka system:anyuser l cclausen.admin rlidwka cclausen rlidwka [EMAIL PROTECTED] rl
Now the remaining problem is that the token being generated is too large for the server to handle. Apply Doug's patches to 1.2.11 or help us prepare for 1.4 by using 1.3.70.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
