On 5/6/2011 2:41 PM, Hugo Monteiro wrote: > > I should also mention that i have set the following keys > > > [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms] > > [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT] > > [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT\fct.unl.pt] > "MethodName"="Kerberos5" > "Realm"="FCT.UNL.PT" > > [HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT\staff.fct.unl.pt] > > "MethodName"="Kerberos5" > "Realm"="FCT.UNL.PT" > > > That said, i would expect that only realm FCT.UNL.PT (and it's > principals) would be queried. > >
These registry keys are not used by the Network Provider. Someone can submit a patch to change that but at present those keys are only used for the OpenAFS Network Identity Manager credential provider. The realm for the AFS cell will be determined by the standard algorithmic method of looking up the server names for the vldb servers either from CellServDB or via DNS and then performing a domain to realm translation either locally using the krb5.conf [domain_realm] rules or using Kerberos referrals if the KDC supports that. Jeffrey Altman
signature.asc
Description: OpenPGP digital signature
