On Mon, Jun 4, 2012 at 12:51 PM, John Tang Boyland <[email protected]> wrote:
> We have configured our AFS servers to authenticate either using
> our institution AD servers or using our own MIT kerberos realm.

Our situation is sort of similar, except we're using Heimdal instead of MIT. In our environment, Heimdal and AFS are world-accessible, and AD is protected behind a VPN. There's no trust relationship between the two Kerberos realms; we're just using multiple realms for a single cell. If a user has a need to access AFS without any VPN connection, we'll create a Heimdal account for the user. As long as all the AFS services are exposed to the internet, it works.

I'm wondering, is AFS behind a more restrictive firewall policy in your environment? Or maybe you're just looking to reduce the number of MIT user principals that you manage?

- Ken
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
