Gerhard Gonter <[EMAIL PROTECTED]> wrote:

    Paul Blackburn wrote:
    > You are right! Seems like a bug or bad feature to me. I naively thought
    > because I was using AFS aware login (aix325+afs33) that every user would
    > automatically get a PAG. Seems that only accounts that have no matching
    > AFS principal fail to get a PAG (e.g. root, guest).
    
    That's not the case, on AIX even locally authenticated users receive a
    PAG.  This behavior gave us a hard time when we tried to update Oracle
    on one of our machines.  Because the user 'oracle' received a PAG, the
    installation program bailed out when it couldn't find the name of the
    first group id.

Greus Gott Gonter!

That is interesting. I checked this out before mailing my note on Saturday.
This Monday morning it's almost the same except that guest does get a PAG
while root does not (both root and guest are not AFS principals).
On Saturday, I am sure that guest had no PAG...curiouser and curiouser!

IMHO, every user (especially root :-) should get a PAG.

BTW, I would also relay the comment from my non-AFS users that getting three
prompts for an AFS password when you don't have an AFS principal is simply
an annoyance (as for guest shown below).
--
regards
paul                             http://acm.org/~mpb/homepage.html

Dialogue showing how root (not an AFS principal) gets no PAG on login 
(presence of PAG is demonstrated by two integers at start of output from
groups command) when using AFS aware login follows:


    AIX Systems Support Centre (dolphin.aixssc.uk.ibm.com)

    login: mpb
    Enter AFS password for mpb: 
    User mpb kerberos-authenticated via AFS 3.3.
    Press RETURN for TERM=ibm3151, or type new TERM name: xterm
    mpb@dolphin $ groups
    33536 32565 staff fax hcon
    mpb@dolphin $ exit



    AIX Systems Support Centre (dolphin.aixssc.uk.ibm.com)

    login: root
    root's Password:
    Press RETURN for TERM=ibm3151, or type new TERM name: xterm
    root@dolphin # groups
    system bin sys security cron audit install
    root@dolphin # exit



    AIX Systems Support Centre (dolphin.aixssc.uk.ibm.com)

    login: guest
    guest's Password:
    Enter AFS password for guest: 
    Unable to read password because zero length passord is illegal
    Login incorrect
    Enter AFS password for guest: 
    Unable to read password because zero length passord is illegal
    Login incorrect
    Enter AFS password for guest: 
    Unable to read password because zero length passord is illegal
    Login incorrect
    $  groups
    33536 32569 usr
    $ exit
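
The check used in this message (two integers at the start of `groups` output indicate a PAG), written out as an added shell example that is not part of the original post. The function names `has_pag` and `pag_report` are hypothetical, the sample lines are copied from the three sessions above, and the check is a heuristic: it assumes the only numeric fields are the PAG group IDs, so any two leading group IDs that have no name would also match.

```shell
#!/bin/sh
# Added example, not from the original message.
# has_pag: takes one line of `groups` output as $1 and succeeds when the
# first two fields consist only of digits, which is how the message above
# recognises a PAG on an AFS-aware AIX login.
has_pag() {
    # Split the line into whitespace-separated fields.
    set -- $1
    # A PAG shows up as two group IDs, so fewer than two fields means no PAG.
    [ $# -ge 2 ] || return 1
    for g in "$1" "$2"; do
        case $g in
            # Empty, or containing any non-digit: this is a named group.
            ''|*[!0-9]*) return 1 ;;
        esac
    done
    return 0
}

# pag_report: $1 = account label, $2 = that account's `groups` output.
pag_report() {
    if has_pag "$2"; then
        echo "$1: PAG present"
    else
        echo "$1: no PAG"
    fi
}

# Sample input: the `groups` lines from the three login sessions above.
pag_report mpb   "33536 32565 staff fax hcon"
pag_report root  "system bin sys security cron audit install"
pag_report guest "33536 32569 usr"
```

On a live system the same function can be fed the current session with `has_pag "$(groups)"`.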
