> In order for user@B to obtain afs/cellname@A there must be a cross-realm
> relationship between A and B.
>
> The other way to obtain a token for "cellname" is to add a service
> principal afs/cellname@B to realm B and then export the key and add it
> in addition to the key from afs/cellname@A to the AFS cell.

That summarizes it quite well. I think you must at least put the krbtgt/A@B into B, which means that A trusts B, or the afs/a@B into B, which means that the AFS servers in a trust B. If you only can get user- (and not service-) principals into B, you lose.

Harald.
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
