Russ Allbery wrote: > John Hascall <[EMAIL PROTECTED]> writes: > >> I'm sure I must be doing something embarrassingly stupid here, >> but I just can't figure out why this script is not able to >> access the files in AFS that it should be able to. > > [...] > >> Default principal: sysadmin/[EMAIL PROTECTED] > > There's a hard-coded table of principals for which the Kerberos v5 support > in rxkad will do realm conversion in src/rxkad/ticket5.c, and sysadmin > isn't one of them. I don't completely follow the code here, but I think > that sysadmin/asw.iastate.edu may not be converted to sysadmin.asw because > sysadmin isn't listed on that list. It feels like there should be a > default fallback to doing that, but I'm not seeing it.
We don't want to default fallback to treating krb5 principals as host
based service principals.
You can add a new entry to 'sconv_list' in src/rxkad/ticket5.c. Use:
R("sysadmin")
Another option is to use "aklog -524" if you are running a krb524d.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
