Derrick J Brashear <[EMAIL PROTECTED]> wrote: > On Mon, 9 Apr 2007, Christopher D. Clausen wrote: >> That is assuming you don't have more than X Kerberos realms that you >> want to use for an afs service principal. And if you want to change >> the afs service principal in all trusted realms, you could end up >> needing 2X "slots" in the KeyFile. >> >> Is there a specific reason for the limit? It seems arbitrary to me. > > Linear search. Otherwise no. The current realm limit is lower than > that anyway in 1.5 and is basically 2 in 1.4, unless they all have > the same realm name, unless you're being really tricky anyway.
What is the current realm limit in 1.5? I am using 2 realms now with 1.4. Using an MIT realm and an Active Directory realm with a single cell. The MIT realm name "matches" the cell, the AD realm is different. (For the record, its seems that one must list the "foreign" realm first in krb.conf in order to get the multile realm support to actually work. Not sure if that is a feature or a bug.) I'd hate to see multi-realm support turn into two-realm support or three-realm support. I guess its better than nothing, but again seems arbitrary. I know one could simply design the Kerberos realms better to avoid needing so many realms, but sometimes that is out of the control of the AFS administrator. <<CDC _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
