>I may be abandoning this because there doesn't seem to be any reliable
>way for clients to figure out that the cell is its own realm (without
>requiring end-users to manually edit or replace their krb5.conf, which
>is way beyond the abilities of many people, sad as that fact may be).
>
>Basically, unless I can get this to a truly zero-configuration
>situation for users, my project is not gonna fly. It's just the
>realities of how things are.

It's not like it's completely zero-conf now (except maybe under MacOS X). You still have to distribute various Kerberos & AFS bits for people.

I know where you're coming from; I face a very similar problem distributing Kerberos information to a very diverse end-user population. I simplify the matter by using a customized Kerberos distribution. It's not zero-conf, but once the user does a few simple steps (we provide an installer for systems like Windows and MacOS X), they are up and running. This even works for the relatively unsophisticated user. I wish it was easier for them, but they seem to be able to get work done, so I don't think it's too bad.

I wish TXT record lookup was on by default, but I realized a long time ago it's simpler just to distribute my own software rather than fight a battle I'm not going to win.

--Ken
