Hi, I am quite new to AFS, so sorry if this question is too basic.  I
have almost no understanding of Kerberos either.  The original request
was to set up a cross-realm trust between a running AFS server and
the university's AD.  But before doing that, I think it might be safer to
try things out on machines in my office.  So I have set up an AFS cell,
atmo.ku.edu, on one of the Linux boxes here. And after reading several
articles about setting AD as KDC for AFS, I thought what I need to do
is (1) share a key between atmo.ku.edu (testing cell) and ku.edu
(working cell) (2) create a special group system:[EMAIL PROTECTED] on cell
atmo.ku.edu.

 

By issuing the command,

pts add system:[EMAIL PROTECTED] -o system:administrators

I can create the group system:[EMAIL PROTECTED] on cell atmo.ku.edu.  And
it can be seen by issuing the command

pts listent -g

 

Then I encountered problems in how to share keys between the two cells.
And I have many questions:

(1) How do I create the shared key?

    I have tried pts add krbtgt/[EMAIL PROTECTED], but got an error
    message for missing required parameter -group.

    I have also tried uss add -admin admin -user
    krbtgt/[EMAIL PROTECTED], but uss complained that the user name should
    not have an instance string.

    Then I used kas -admin admin to create krbtgt/[EMAIL PROTECTED], but
    it also complained about an illegal character (my guess is the @ letter).

    So what should I do to share the key?

(2) Do I need to set up a Kerberos server for my testing cell so that it
could process the krbtgt requests?  Currently, the authentication for
both cells is done by kaserver.

 

Thank you very much for your help in advance.

 

Chen

---------------------------------------

Technology Support Tech

Department of Geography

1475 Jayhawk Blvd

410 Lindley Hall

University of Kansas

Lawrence, KS 66045

 

 
