Skip Menu |
 

Subject: Leash AFS support only requests tokens for default cell
This is not a bug in krb5. However, as there is no better place to file
KfW bugs I am submitting this here.

The Leash ticket manager will attempt to obtain AFS tokens when Kerberos
TGTs are obtained. At the current time, the Leash_afs_klog() routine
only supports obtaining tokens for the default AFS cell regardless of
which Kerberos realm TGTs are requested for. I believe this behavior is
incorrect. I think the behavior should be:

(1) attempt to retrieve AFS tokens for the Cell whose name matches the
Realm name.

(2) if (1) fails, attempt to obtain AFS tokens for the default Cell (if
different)

Opinions are appreciated.
Leash has been replaced by Network Identity Manager in KFW 3.0