[see end of message for additional details on why my cell works this way] This is weird. When I execute "aklog -c megacz.com", aklog does not attempt to authenticate to the "obvious" k5 realm (MEGACZ.COM -- I have the DNS autodetection entries for that, and they work):
[EMAIL PROTECTED]:~$aklog -d -c megacz.com
Authenticating to cell megacz.com (server fleet.cs.berkeley.edu).
We've deduced that we need to authenticate to realm CS.BERKELEY.EDU.
Getting tickets: afs/[EMAIL PROTECTED]
Kerberos error code returned by get_cred: -1765328377
aklog: Couldn't get megacz.com AFS tickets:
aklog: Server not found in Kerberos database while getting AFS tickets

On unixoid platforms I can override this with "-k MEGACZ.COM" and everything works fine, but the Win32 GUI token client offers no such option.

Is there anything I can do on the server/DNS side to get clients' aklog to deduce the proper cell without having to be explicitly told? I would assume that if the cell name explicitly stated on the command line is a valid realm that aklog would use that before trying anything else.

.......................................................

Gory details:

At the moment I'm using my own domain (megacz.com) to try out some AFS stuff on my machines here on campus since making any sort of DNS change to *.berkeley.edu usually turns into a four-day ordeal involving begging and bribery -- and that's just during the semester. During winter break it'd probably be even worse. I'll move back to *.berkeley.edu when I'm ready to "etch things in stone" so to speak.

At the moment my cell and realm are megacz.com/MEGACZ.COM, my k5 server is on turing.megacz.com (off-campus), and all other machines are on-campus hosts in *.cs.berkeley.edu (some of which have additional entries in *.megacz.com pointing at them).

  - a

--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380
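The debug output above shows the realm being deduced from the database server's host name (fleet.cs.berkeley.edu) rather than from the cell name. The sketch below is an added illustration, not part of the original post and not aklog or libkrb5 source: it is a simplified model of how a Kerberos client library maps a host name to a realm, first through [domain_realm] entries in krb5.conf and then by upper-casing the host's parent domain. The krb5.conf fragment and the function names are constructed for the example.

```python
# Added illustration: simplified model of Kerberos host-to-realm deduction.
# Not aklog or libkrb5 source; the krb5.conf fragment below is constructed.

SAMPLE_CONF = """\
[domain_realm]
    fleet.cs.berkeley.edu = MEGACZ.COM
"""

def parse_domain_realm(conf_text):
    """Extract the [domain_realm] section of krb5.conf-style text as a dict."""
    mapping, in_section = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_section = line.lower() == "[domain_realm]"
        elif in_section and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping

def host_realm(hostname, mapping):
    """Return the realm a client would deduce for a server host name."""
    host = hostname.lower().rstrip(".")
    labels = host.split(".")
    # Candidates: the full host name, then each parent domain,
    # tried with and without a leading dot.
    candidates = [host]
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        candidates += ["." + parent, parent]
    for name in candidates:
        if name in mapping:
            return mapping[name]
    # Fallback heuristic: upper-cased parent domain of the host.
    if len(labels) > 1:
        return ".".join(labels[1:]).upper()
    return None

if __name__ == "__main__":
    server = "fleet.cs.berkeley.edu"  # database server named in the debug output
    print("no mapping:  ", host_realm(server, {}))
    print("with mapping:", host_realm(server, parse_domain_realm(SAMPLE_CONF)))
```

Without a mapping the model yields CS.BERKELEY.EDU, the realm in the failing run; a host-specific [domain_realm] entry takes precedence over the fallback, but it lives in each client's krb5.conf.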
