Lars Schimmer wrote:
> Just a few questions: does this mean, with an AD logon over Windows you
> obtain your ticket from AD AND grant access to OpenAFS because you
> obtain a token?

IF you log into Windows using an AD account AND you have OpenAFS Integrated Logon turned on AND there is an afs/[EMAIL PROTECTED] key in AD THEN you will obtain a token for "cellname" upon login to Windows.

> And number two:
> Can OpenAFS keyfile hold two keys?

Yes. They must have different kvno values.

> I mean one from AD kerberos and one
> from MIT Kerberos server?

As long as the keys are distinguished by kvno you can use it. In this case your cellname must be the same as one of the realms (except lower case) and the name of the other realm must be placed into the AFS krb.conf file. Doing so means that [EMAIL PROTECTED] and [EMAIL PROTECTED] are both treated as "user" by AFS. Therefore, you must ensure that there are never any conflicts. It also means that both the REALM and DOMAIN had better be administered by the same entity.

Jeffrey Altman
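The conflict check implied by the last paragraph of the reply, as an added example that is not part of the original message: it lists principals from two realms that would collapse to a single AFS name once both realms are treated as local. The cell name, realm names, principal lists and the whitespace-separated reading of krb.conf are assumptions made for the illustration.

```python
from collections import defaultdict


def local_realms(cellname, krb_conf_text):
    """Realms treated as local: the cell name upper-cased, plus the realms
    listed in the AFS krb.conf (assumed whitespace-separated)."""
    realms = {cellname.upper()}
    realms.update(r.upper() for r in krb_conf_text.split())
    return realms


def afs_name(principal, realms):
    """Name AFS would use for a Kerberos 5 principal.

    A local realm is dropped, so user@REALM and user@DOMAIN both become
    "user". Any other realm is kept, lower-cased, and stays distinct.
    """
    name, sep, realm = principal.rpartition("@")
    if not sep or not name:
        raise ValueError(f"not a user@REALM principal: {principal!r}")
    short = name.replace("/", ".")  # krb5 instance separator -> AFS style
    return short if realm.upper() in realms else f"{short}@{realm.lower()}"


def find_collisions(principals, realms, same_person=()):
    """Return {afs_name: [principals]} for names shared by several principals
    that have not been confirmed as belonging to the same person."""
    by_name = defaultdict(set)
    for p in principals:
        by_name[afs_name(p, realms)].add(p)
    confirmed = {frozenset(pair) for pair in same_person}
    return {n: sorted(ps) for n, ps in by_name.items()
            if len(ps) > 1 and frozenset(ps) not in confirmed}


# Constructed sample data: an MIT realm matching the cell, plus an AD domain.
CELL = "example.org"
KRB_CONF = "AD.EXAMPLE.ORG\n"
PRINCIPALS = [
    "alice@EXAMPLE.ORG", "alice@AD.EXAMPLE.ORG",
    "bob@EXAMPLE.ORG", "bob@AD.EXAMPLE.ORG",
    "carol@AD.EXAMPLE.ORG", "dave@OTHER.EXAMPLE.NET",
]
# Pairs an administrator has verified as one person holding both accounts.
SAME_PERSON = [("alice@EXAMPLE.ORG", "alice@AD.EXAMPLE.ORG")]

if __name__ == "__main__":
    realms = local_realms(CELL, KRB_CONF)
    for name, ps in find_collisions(PRINCIPALS, realms, SAME_PERSON).items():
        print(f"AFS name {name!r} is shared by: {', '.join(ps)}")
```

Run against exports of both realms' principal lists before adding the second realm to krb.conf; every pair it reports is two accounts that would gain each other's AFS access.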
