On Sat, 5 May 2007, Adam Megacz wrote:
> I've found that when doing cross-realm trust between two AFS cells (both in MIT KDC realms), the foreign-realm principal trying to acquire tokens in the local realm must have REQUIRES_PRE_AUTH as an attribute in his/her realm in order for aklog to work.
I've found this happens if the cross-realm krbtgt principal has requires preauth set. I don't think it's a feature of aklog.
However, you really should be using requires preauth on anything whose key would be vulnerable to a dictionary attack.
Simon.
