Paul,

Using the actual IP address instead of a wildcard, I was able to reproduce the situation you described: a user on the client with no tokens is a member of system:authuser. (I should have been more thorough when playing around with this yesterday, but opted to save time instead.)

This seems like a bad thing to me. Does anyone see a reason that it would be desirable to have specific IP address entries lead to system:authuser membership? If not, I'll have the code changed.

As an interesting side-effect of the above problem, specific host numbers can be added to ACLs without putting them in a group first. This is likely to change in the near future, though!

Joe Jackson, AFS Product Support, Transarc Corp.
