> $ pts creategroup project.sbp system:administrators -cell > research.cs.berkeley.ed >u > pts: Permission denied ; unable to create group project.sbp with id 0 owned > by 's >ystem:administrators' > >Are there some powers that are withheld from administrators using a >cross-realm pts id? The command succeeds when authenticated as >afsadmin.
I didn't know about this one (and in fact, I thought when we had it set up a cross-realm user on system:administrators worked for everything I had tried, but that was a while ago and maybe my memory is faulty), but one that I specifically remember is that you can't have a cross-realm user on the Bos UserList. Well, you can _put_ one on there, but it won't work for anything. When I tracked this one down, I found code to specifically disallow foreign realm users in the code that handles the Bos UserList; it would not surprise me to find similar code in the pts server. --Ken _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
