[12765] in Athena Bugs
Re: BRAIN.MIT.EDU
daemon@ATHENA.MIT.EDU (Daniel G. Pouzzner)
Wed Oct 19 13:28:44 1994
From: "Daniel G. Pouzzner" <douzzer@MIT.EDU>
To: Theodore Ts'o <tytso@MIT.EDU>
Cc: douzzer@ai.mit.edu, kerberos-request@MIT.EDU, bugs@MIT.EDU, tlyu@MIT.EDU,
probe@MIT.EDU
In-Reply-To: Your message of "Tue, 18 Oct 1994 14:54:36 +0500."
<9410181854.AA00912@dcl.MIT.EDU>
Date: Wed, 19 Oct 1994 13:28:21 -0400
In message <9410181854.AA00912@dcl.MIT.EDU>, Theodore Ts'o writes:
>Dan,
> I would strongly suggest that instead of using the BRAIN.MIT.EDU
>kerberos realm, that you instead set up your AFS cell to use the
>ATHENA.MIT.EDU kerberos realm for its authentication.
>
[...]
>
> The SIPB.MIT.EDU, LEES.MIT.EDU, and the MEDIA-LAB.MIT.EDU afs
>cells all use the ATHENA.MIT.EDU Kerberos realm. I suggest that you
>change the brain.mit.edu afs cell to use the ATHENA.MIT.EDU realm. If
>you need help doing this, we can provide you with advice about what you
>need to do in order to do this.
>
> - Ted
>
>
In September, I tailored AFS 3.3 to use /usr/afs/etc/Realms, and set
our cell up so that both BRAIN.MIT.EDU and ATHENA.MIT.EDU are accepted
as local realms. (Similarly, the media-lab cell uses older
3.2-derived servers that accept MEDIA-LAB.MIT.EDU and ATHENA.MIT.EDU
tickets.)
The kerberos realm is largely for server and kcmd stuff, though
administrative principals and principals for students/faculty who have
no Athena account will also appear in the database. As far as
namespace collisions are concerned: if the principal exists in
ATHENA.MIT.EDU, there won't be any call for it to exist in
BRAIN.MIT.EDU. Users will, indeed, need to remember only one password.
There are seventy or so machines in BCS, running SunOS 4.1.3, which
makes the autonomy of a separate cell and realm only appropriate, no?
I heartily approve of unified namespaces. The reality, however, is
that the bureaucratic overhead is prohibitive, hence the separate
realm.
Sincerely,
Daniel Pouzzner
