User level permissions
Johan Ihren
johani at pdc.kth.se
Mon Jun 28 19:25:42 CEST 1999
>>>>> "Tim" == Tim Yardley <yardley at ncsa.uiuc.edu> writes:
Tim,
Tim> Yeah, well... NCSA is in somewhat of a sticky situation. We
Tim> have our own series of patches to kerberos (Ken Hornstein
Tim> works closely with us). We also have a screwy configuration
Tim> for our afs cell/kerberos cell. Basically, they are not the
Tim> same name. Our kerberos realm is ncsa.edu and our afs cell
Tim> is ncsa.uiuc.edu. Needless to say, this causes problems...
Tim> including the inability to authenticate out of the box with
Tim> the krb4-0.9.9 stuff.
Our realm is NADA.KTH.SE and our cell is pdc.kth.se. We authenticate
out of the box with krb4-0.9.9 last time I looked ;-)
Tim> Needless to say, my site mainly runs transarc
Tim> clients... however, we are looking at other alternatives such
Tim> as arla for OS's that are not supported by transarc/ibm.
Tim> Needless to say, a necessity is authentication... so it would
Tim> be nice if we could get it working. I imagine I could hack
Tim> together a "working" klog... but I would also have to do an
Tim> aklog (for automation reasons). Grr.. more work. :/
I believe the solution to that particular problem may be to put
NCSA.EDU (your realm) into /usr/afs/etc/krb.conf (undocumented,
non-standard location, as far as I know, but standard content) on your
fileservers.
Or am I misunderstanding something?
Regards,
Johan Ihrén, <johani at pdc.kth.se>,
phone: +46 (8) 790 6844, Center for Parallel Computers,
Royal Institute of Technology, SE-100 44 Stockholm, Sweden
More information about the Arla-drinkers
mailing list