We have an issue that we haven't found a good solution for on mac osX. We have BOTH a kerberos realm called 'asu.edu', and an active directory domain called asurite. Our afs identities are all in the asu.edu realm. We also have cifs space that requires authentication tokens from the asurite domain.
We can configure the make to do kerberos auth to the asu.edu realm -- and automatically get afs tokens in the request, and access afs. However, configuring the mac that way precludes our ability to get an authentication token in the asurite domain, and therefore prevents us from accessing cifs. Or, we can join the mac to the asurite (active directory) domain, and use cifs, and face similar issues of not being able to get afs tokens to get in to afs space. Finally, we can leave the mac stand alone - not configuring it for any realm/domain authentication, and then use klog to get afs tokens and use the mac prompt for accessing cifs to get authentication tokens from the asurite domain. I am wondering what other mac osx users are experiencing with wanting to use both afs and cifs -- and if there is a best practice and perhaps other tools (scripts?) that make cifs and afs more peacefully coexist on osX. -- David Bear College of Public Programs at ASU 602-494-0424
