On Linux, AFS stores its PAG information in one or two fake GIDs.
Unfortunately, AFS doesn't give the fake GIDs names, and thus a number of
tools (like groups) get confused and return errors, for example:
$ groups > /dev/null
id: cannot find name for group ID 1106112751
This results in various programs that run groups (including WinSCP) to
fail unecessarily.
We created a NSS module, libnss-afspag, to give the AFS PAG fake GIDs
names. libnss-afspag works by using the AFS's algorithm to check whether
the GID being resolved is part of an AFS PAG, and if so, returns a name
for the group of the form afspag-1106112751.
Obviously, if you're using the kernel keyring support, you don't need
nss_afspag, but kernel keyring support doesn't seem to be used everywhere
quite yet.
For more information, see <http://debathena.mit.edu/nss_afspag/>.
-Tim Abbott and Anders Kaseorg
MIT SIPB Debian-Athena Project
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
