> As per the K5 migration info, I have an afs principal:
> [EMAIL PROTECTED]
> however, I note that the pam_krb5afs tries several other
> combinations, but not this one exactly. For example, it tries
> [EMAIL PROTECTED], afs/[EMAIL PROTECTED], and
> afs/[EMAIL PROTECTED]
As Douglas suggests, adding the principal to your realm:
afs/[EMAIL PROTECTED]
would also likely solve your problem. pam_krb5 only tries the instanceless
principal:
[EMAIL PROTECTED]
when it can reverse map the IP address of the AFS server, and use that
domain name to come up with a Kerberos realm, using the [domain_realm]
section in /etc/krb5.conf.
(which is not my preferred behavior)
-Chris Wing
[EMAIL PROTECTED]
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
