I've found that when doing cross-realm trust between two AFS cells
(both in MIT KDC realms), the foreign-realm principal trying to
acquire tokens in the local realm must have REQUIRES_PRE_AUTH as an
attribute in his/her realm in order for aklog to work.
Is this to be expected, or is it a side effect of some mistake I made?
If this is the case ("cross-realm only works when REQUIRES_PRE_AUTH is
enabled") I can arrange for that attribute to be turned on for all the
necessary users. I just wanted to see if it was necessary before
asking for this to be done, and perhaps understand why it is necessary.
Thanks,
- a
--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
