(Illustration by Gaich Muramatsu)
Hi Don, On Wed, Jan 20, 2010 at 06:06:19PM -0800, root wrote: > Ok, I tried changing the clog to: > > [root_at_sandbox3 ~]# clog \ > -method kerberos5 coda_admin_user_at_coda.realm \ > -tokenserver sandbox2.host.domain 370 \ > -krealm KERBEROS.REALM \ > -kdc sandbox2.host.domain \ > -servprinc coda/coda.realm > > Basically, the method user_at_realm was changed to the coda realm from the > kerberos realm. Also, the servprinc was changed to the coda.realm from > sandbox2.host.domain. > > Does this appear sane? Not totally, the principal should be codaauth/coda.realm. > The discourse on host/ vs coda/ vs codaauth/ ended with a misunderstanding. > This subject is not important, please disregard. It _is_ important to use the standard name. See the comment on the wiki. You do not want to maintain all of your client computers and/or accounts to include the reference to a non-standard service principal. Note that your Coda realm can be used from any computer in the world, not only from the ones you happen to administrate. As an example, I would be able to get an account and a password at your realm and then use data under /coda/your.coda.realm transparently. I do not want to remember and supply your non-standard service principal at clog on all workstations I happen to use. It would be your headache to instruct all the users to do so - better just use the standard name instead! Cheers, RuneReceived on 2010-01-21 03:11:11