On Wed, 18 Jul 2012 13:25:11 -0400 "Gabriel L. Somlo" <[email protected]> wrote:
> I guess the currently available solution is to either > > > 1. work a political miracle and get a Unix kerberos > service principal for Samba, then use just the Unix > realm. If I'm understanding your scenario right, I think you are missing two other options: 3. Create an AFS service principal in the AD realm. 4. Create a cross-realm trust between the two realms. The AFS service principal lives in the Unix realm, and the users get tickets for AD. Both of these let you authenticate to AFS while having tickets only for AD. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
