none

[openafs-wiki.git] / AFSLore / CrossRealmAuthentication.mdwn

I am not the right person to write this page but here is summary from a pretty good note from [[DerekAtkins]] in a [thread](https://lists.openafs.org/pipermail/openafs-info/2002-January/002959.html) on the [[OpenAFSInfo]] mailing list.

In order to setup cross-realm:

1. you need cross-realm Kerberos (a shared key)
2. The foreign cell needs to setup a group to hold users from your.original.cell:<br />`pts cg system:authuser@your.original.cell -c foreign.cell`

The "groupquota" on this group is the number of cross-cell users who can be created. Then, once that is setup, users can create themselves ids in the foreign cell:

1. user needs to obtain a token in the foreign cell:<br />`aklog -cell foreign.cell`
2. user creates themselves an id in the foreign cell:<br />`pts cu user@your.original.cell -c foreign.cell`
3. user gets new tokens with proper ID:<br />`aklog -cell foreign.cell -force`

The use of aklog assumes you have [[KerberosV]] tickets. Actually, with the [[OpenAFS]] aklog, you just the last step -- the aklog to the foreign cell does the pts create internally for you.

I've augmented the description with other comments from the thread.

-- [[TedAnderson]] - 22 Jan 2002 [http://www.hengda-nb.com 甲缩醛] [http://www.hengda-nb.com 氯甲烷] [http://tuantibaoxian.shop263.com 团体保险] [http://shbaoxian.shop263.com 上海保险] [http://1baoxian.shop263.com 保险] [http://shpa18.shop263.com 上海平安保险公司] [http://shenji.shop263.com 审计] [http://shuiwu.shop263.com 税务] [http://zhanshitai.shop263.com 展示台] [http://fengmuji.shop263.com 风幕机] [http://www.blogbus.com/blogbus/blog/diary.php?diaryid=576865 blog] [http://asp.7i24.com/qh505/blog2/more.asp?name=bodazhang&amp;id=53 blog] [http://www.yourblog.org/Data/20051/207360.html blog] [http://seo263.blogchina.com/ blog] [http://basics.sjtu.edu.cn/blog/summary.php blog] [http://bbs.dprktime.com/blog.asp?name=bodazhang blog] [http://blog.china-pub.com/more.asp?name=bodazhang&amp;id=7016 blog] [http://blog.aspcool.com/bodazhang/archive/2005/01/16/1710.html blog] [http://blog.haiguinet.com/more.asp?name=bodazhang&amp;id=117 blog] [http://blog.itpub.net/bodazhang blog] [http://blog.netandtv.com/blog/blog.asp?name=bodazhang blog] [http://blog.qlsh.net/more.asp?name=boda&amp;id=1110 blog] [http://blog.soufun.com/blog/bodazhang/ blog] [http://www.ucblog.com/more.asp?name=boda1&amp;id=7516 blog] [http://blog.zhinet.com/blog.asp?name=bodazhang blog] [http://hk.netsh.com/eden/blog/ctl\_eden\_blog.php?iBlogID=1098686 blog] [http://riji.163.com/weblog/comment/1boda/null/375063 blog] [http://wen.ccp.org.cn/modules.php?name=Journal&amp;file=display&amp;jid=23 blog] [http://www.52blog.net/more.asp?name=bodazhang&amp;id=104769 blog] [http://www.70blog.com/blog.asp?name=bodazhang blog] [http://www.eedu.org.cn/blog/more.asp?name=bodazhang&amp;id=919 blog] [http://www.blog.sh/more.asp?name=bodazhang&amp;id=4312 blog] [http://www.blog8748.com/blog/more.asp?name=bodazhang&amp;id=2356 blog] [http://www.blogerhome.com/more.asp?name=bodazhang&amp;id=5317 blog] [http://www.visa.org.cn/blog/more.asp?id=351 blog] [http://blog.lawoy.com/bodazhang blog] [http://www.donews.net/boda/archive/2005/01/16/242661.aspx blog] [http://blog.xinanhui.com/more.asp?name=bodazhang&amp;id=2018 blog] [http://www.ins.com.cn/blog/blog.asp?name=bodazhang blog] [http://www.kmcenter.org/blog/more.asp?name=bodazhang&amp;id=794 blog] [http://218.78.246.60/yuwenonline/blog/more.asp?name=bodazhang&amp;id=189 blog] [http://www.oioj.net/blog/more.asp?name=bodazhang&amp;id=26755 blog] [http://blog.ourmm.com/more.asp?name=boda&amp;id=1469 blog] [http://www.tanqiu.com/blog/blog.asp?lid=4328 blog] [http://www.upda.cn/modules/weblog/details.php?blog\_id=286 blog] [http://www.vi21.net/blog/more.asp?name=bodazhang&amp;id=413 blog] [http://www.wuyouschool.com.cn/blog/more.asp?name=bodazhang&amp;id=245 blog] [http://blog.116.com.cn/index.php?blogId=9797 blog] [http://www.cndazhou.net/oblog/more.asp?name=bodazhang&amp;id=206 blog] [http://www.wenxue.com/T3/?q=node/4140 blog] [http://dili.wjstar.net/blog/more.asp?name=bodazhang&amp;id=1544 blog] [http://www.eedu.org.cn/blog/more.asp?name=bodazhang&amp;id=919 blog] [http://www.blogcn.com/user26/bodazhang/index.html blog] [http://herald.seu.edu.cn/blog/bodazhang blog] [http://www.blogcn.com/user26/bodazhang/index.html blog] [http://bodajishu.bloglong.com/BlogCollection/MyBlog.aspx blog] [http://www.zjut.com/blog/blog.asp?name=boda1 blog] [http://boda1.yculblog.com/ blog] [http://boda1.blogcup.com/read\_boda1\_24377.html blog]