(Illustration by Gaich Muramatsu)
Hello Greg, On Wed, Apr 21, 2004 at 08:35:33AM -0400, Greg Troxel wrote: > For kerberos realm, I'd say in KRB.REALM obtained by using the normal > kerberos config mechanisms to find the KRB.REALM which corresponds to > the 'host' CODA.REALM. Kerberos realm corresponding to Coda realm - how can Kerberos config mechanism know that? You mean a separate rule in the client krb5.conf file? For each Coda realm in the world that can be contacted from that client (i.e. most of them :) ?? Even not mentioning that Kerberos rules to translate DNS domain names to Kerberos realms have little ground to exist at all. There is nothing that binds a certain host to a certain Kerberos realm. That is an _application_/_service_ which interacts with a certain (or several!) Kerberos realm(s), not a host... (yes, there is a "host login" application, but that's it) There is neither anything that binds a Coda realm to just _one_ Kerberos realm. Let us reduce confusion and avoid using wrong tools. If there is no hammer at hand, let's find it, don't use an iron... Cheers, -- IvanReceived on 2004-04-21 09:20:48