CrossRealmAuthentication r14 - 21 Jan 2005 - 15:53 - EstherF


I am not the right person to write this page, but here is a summary from a pretty good note from DerekAtkins in a thread on the OpenAFSInfo mailing list.

In order to set up cross-realm:

  1. You need cross-realm Kerberos (a shared key).
  2. The foreign cell needs to set up a group to hold users from your.original.cell:
    pts cg system:authuser@your.original.cell -c foreign.cell

The "groupquota" on this group is the number of cross-cell users who can be created. Then, once that is set up, users can create IDs for themselves in the foreign cell:

  1. The user needs to obtain a token in the foreign cell:
    aklog -cell foreign.cell
  2. The user creates an ID for themselves in the foreign cell:
    pts cu user@your.original.cell -c foreign.cell
  3. The user gets new tokens with the proper ID:
    aklog -cell foreign.cell -force

The use of aklog assumes you have KerberosV tickets. Actually, with the OpenAFS aklog, you just need the last step -- the aklog to the foreign cell does the pts create internally for you.

I've augmented the description with other comments from the thread.

-- TedAnderson - 22 Jan 2002
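
A dry-run sketch of the user-side steps above, added here as an example and not part of the original note: it reads the remaining group quota from `pts examine` output and refuses to proceed when no foreign-user slots are left. The function names, the `RUN` variable and the sample `pts examine` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Cell and user names are the
# page's placeholders; helper names and RUN are hypothetical.

# Constructed sample of `pts examine` output for the foreign-user group.
SAMPLE_EXAMINE='Name: system:authuser@your.original.cell, id: -207, owner: system:administrators, creator: admin,
  membership: 0, flags: S-M--, group quota: 30.'

# Read `pts examine` output on stdin and print the numeric group quota.
# Prints nothing when the quota is missing or not a number.
group_quota() {
    sed -n 's/.*group quota: \([0-9][0-9]*\)\..*/\1/p'
}

# Run the three user-side steps from the page, stopping at the first failure.
# $1=user  $2=home cell  $3=foreign cell  $4=remaining quota (from group_quota)
# RUN defaults to echo (dry run); set RUN=env to execute the real commands.
xrealm_register() {
    user=$1; home=$2; foreign=$3; quota=$4
    case "$quota" in
        ''|*[!0-9]*)
            echo "group quota unknown; check with the $foreign admins" >&2
            return 2 ;;
    esac
    if [ "$quota" -eq 0 ]; then
        echo "no foreign-user slots left in $foreign" >&2
        return 1
    fi
    ${RUN:-echo} aklog -cell "$foreign" &&
    ${RUN:-echo} pts cu "$user@$home" -c "$foreign" &&
    ${RUN:-echo} aklog -cell "$foreign" -force
}

# Dry run against the constructed sample: prints the three commands.
# Against a live cell the quota would come from:
#   pts examine system:authuser@your.original.cell -c foreign.cell | group_quota
xrealm_register user your.original.cell foreign.cell \
    "$(printf '%s\n' "$SAMPLE_EXAMINE" | group_quota)"
```
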

AFSLore.CrossRealmAuthentication moved from AFSLore.CrossRealmAutentication on 26 Apr 2003 - 01:17 by TWikiGuest