Connecting to multiple Kerberos realms at logon, on Lion
I can make Lion automatically acquire Kerberos tickets for one realm during login, by using Directory Utility's Directory Editor, and adding a line under the appropriate user's AuthenticationAuthority:
;Kerberosv5;;username@REALM1.EXAMPLE.COM;REALM1.EXAMPLE.COM
I have the same username (and password) in two different realms, for reasons outside my control. I need tickets in both to be able to connect to AFS, authenticated by one of them, and map shares from a Samba server authenticated by the second realm.
Using kinit or the Ticket Viewer to manually acquire a Kerberos ticket in a second realm seems to work fine, allowing me to access both AFS and Samba. However, I'd like to automate ticket acquisition from the second realm at login, by adding another line under AuthenticationAuthority:
;Kerberosv5;;username@REALM2.EXAMPLE.COM;REALM2.EXAMPLE.COM
This doesn't work -- only the first line "wins", whichever realm is listed first under AuthenticationAuthority. I'd like to know if it's possible to make Lion acquire tickets in two realms, automatically, during login, and how to go about configuring that to happen.
Thanks,
--Gabriel
MacBook Pro, Mac OS X (10.7.4)