In the source file src/auth/userok.c there are:
#ifdef notyet
} else if ( (tmp = CompFindUser(adir, tname, "/", tinst, NULL)) ) {
strcpy(uname, tmp);
flag = 1;
#endif
}
/* cell of conn doesn't match local cell or realm */
} else {
if ( (tmp = CompFindUser(adir, tname, ".", tinst, tcell)) ) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ( (tmp = CompFindUser(adir, tname, "/", tinst, tcell)) ) {
strcpy(uname, tmp);
flag = 1;
#endif
} else if ( (tmp = CompFindUser(adir, tname, ".", tinst, tcell_l)) ) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ( (tmp = CompFindUser(adir, tname, "/", tinst, tcell_l)) ) {
strcpy(uname, tmp);
flag = 1;
#endif
You can remove those ifdef's, but as I said, I don't remember the discussion. I
originally wrote those in there cause I wanted to do just what you are doing locally.
The code was committed, but the krb5 syntax support was disabled in the commit.
I do not believe there would be any problem with enabling it, but others may have
something to say here.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: [EMAIL PROTECTED]
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
> -----Original Message-----
> From: Martin MOKREJŠ [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 11:41 AM
> To: Neulinger, Nathan
> Cc: [EMAIL PROTECTED]
> Subject: RE: [OpenAFS-devel] pts examine
>
>
> On Tue, 3 Dec 2002, Neulinger, Nathan wrote:
>
> > > Would someone believe that I'm so stupid to put into UserList
> > > usernames in
> > > a syntax of kerberos5 and NOT kerberos4? Thanks to Johan
> Danielson who
> > > pointed me to this problem.
> >
> > >From changelog:
> >
> > * src/auth/userok.c: DELTA
> > afs-superuser-foreign-realm-checks-20010514 AUTHOR
> [EMAIL PROTECTED]
> >
> > This rewrite cleans up the code a bit, removes any
> athena specific
> > references (not needed anymore in this version),
> and adds support
> > for multi realm management of afs servers (you can
> now specify
> > "admin@OTHERREALM" in your userlist).
>
> > Sounds like we just have the krb5 style syntax disabled at the
> > moment... I don't remember the discussion, so I'm not sure
> why that is
> > the case.
> >
> > Seems to me that enabling the krb5 syntax is a step in the
> right direction.
>
> But how to enable it? ;-)
>
> I can just state, that having [EMAIL PROTECTED] in UserList makes
> ptserver, fileserver, bosserver unhappy with my tickets v5 &
> v4 & tokens
> in ticket cache. I use heimdal-0.5.1. Maybe afs could use
> some kerberos
> function to convert the name from v5 mapping to v4 in the meantime.
> That will pickup the rewriting rules from krb5.conf also.
>
> --
> Martin Mokrejs <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
> MIPS / Institute for Bioinformatics <http://mips.gsf.de>
> GSF - National Research Center for Environment and Health
> Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
> tel.: +49-89-3187 3683 , fax: +49-89-3187 3585
>
>
_______________________________________________
OpenAFS-devel mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-devel
