Scott Williams wrote: >> When we added the "AFS Client Admin" group, the reason for doing so was >> to separate the "AFS Client Admin" functionality from the >> "Administrator" list. Sites that give users "Administrator" in order >> to allow them to run certain applications did not want them modifying >> the AFS configuration. > > > I believe our tester reported that not having AFS Client Admin rights > prevented token-on-login. In any event, this action was help-desk driven.
Absolutely not. AFS Client Admin rights are never used for token management. They are only used to restrict access to commands that affect the configuration of the AFS Client Service for all users of the machine OR that would grant the user access to information that should only be accessible to administrators (ie, trace log or mini dump generation). If you have a user that cannot obtain tokens as part of integrated login, you should turn on trace logging for the integrated login process and file a bug report to [EMAIL PROTECTED] if you cannot figure out why things are failing. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
