Loren M. Lang wrote: > I am looking for a way to tell the Network Identity Manager to retrieve > credentials for the home cell of a client when a new user logs in. > Currently, when users log in, they will get their Kerberos credentials > automatically from the default MIT Kerberos realm, but not AFS > credentials. They have to edit the identity settings for that identity > and click add to add the default AFS cell to their identity. After that > future log-ins will work, but, as we do not use roaming profiles, > logging in to a different computer for the first time and they will > still have to add the cell. The default realm is EXAMPLE.COM and the > default cell is example.com. Since this setting is stored per-identity > per-user, I am not sure how to set it up automatically other than a > fancy logon script.
Under the HKLM\SOFTWARE\OpenAFS\Client\Realms key create a key for the
realm name you are using and then create subkeys for each cell you wish
to have tokens acquired for.
If the Realm is AD.FOOBAR.COM and the cell is foobar.com create a key
for
HKLM\SOFTWARE\OpenAFS\Client\Realms\AD.FOOBAR.COM\foobar.com
within that key you can create REG_SZ values for the configuration
parameters
MethodName REG_SZ Kerberos5
Realm REG_SZ AD.FOOBAR.COM
When a Kerberos v5 identity is created in the AD.FOOBAR.COM realm
the foobar.com AFS cell will be added to the configuration.
Jeffrey Altman
Secure Endpoints Inc.
smime.p7s
Description: S/MIME Cryptographic Signature
