On 1/27/2015 9:44 AM, Volkmar Glauche wrote:
> [deleted]
>
> Now, I would like to be able to use tickets from kerberos realm B.COM to
> get OpenAFS tokens in cell a.com. I can neither add any principals to
> realm B.COM nor implement a full cross-realm trust relationship.

In order for user@B to obtain afs/cellname@A there must be a cross-realm relationship between A and B. The other way to obtain a token for "cellname" is to add a service principal afs/cellname@B to realm B and then export the key and add it in addition to the key from afs/cellname@A to the AFS cell. If you can do neither, then the user must obtain initial tickets in A before obtaining afs/cellname@A.