AFS Advice

Setting up a new Cell and Realm

  • Choose a realm name that is all upper-case and a cell name that is all lower-case. Try to make the two names identical apart from case.

  • Use libnss-afs

  • Immediately use pts setmax to ensure that user IDs are assigned starting from a very high number which will not conflict with the “reserved” range of Unix user IDs (roughly <1024):

    pts setmax -user 10000

Cross-Realm Trusts

See the Kerberos FAQ entry on setting up cross-realm trust. I've found that, additionally, you need to make sure the REQUIRE_PRE_AUTH attribute is set on the (user) Kerberos principals to be used for cross-realm authentication.

Advocacy

Some nice thoughts from John Boyland on AFS in academic environments.