Christopher D. Clausen wrote: > What is the current realm limit in 1.5? Currently Four.
src/config/afs_sysnames.h /* Specifies the number of equivalent local realm names */ #define AFS_NUM_LREALMS 4 > I am using 2 realms now with 1.4. Using an MIT realm and an Active > Directory realm with a single cell. The MIT realm name "matches" the > cell, the AD realm is different. (For the record, its seems that one > must list the "foreign" realm first in krb.conf in order to get the > multile realm support to actually work. Not sure if that is a feature > or a bug.) You shouldn't have to list the local realm at all. However, if the order matters that is a bug. > I'd hate to see multi-realm support turn into two-realm support or > three-realm support. I guess its better than nothing, but again seems > arbitrary. I know one could simply design the Kerberos realms better to > avoid needing so many realms, but sometimes that is out of the control > of the AFS administrator. A longer term solution is to implement modifications to the protection server to implement many names to one AFS ID. That way the number of names and their sources can be arbitrary. The multiple local realm approach is a hack. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
