> ------------ Původní zpráva ------------ > Od: Alena Manova <[email protected]> > Předmět: [OpenAFS] Re: [OpenAFS] AFS/KRB principal service constraints? > Datum: 26.1.2010 14:56:08 > ---------------------------------------- > > ------------ Původní zpráva ------------ > > Od: Alena Manova <[email protected]> > > Předmět: [OpenAFS] AFS/KRB principal service constraints? > > Datum: 26.1.2010 14:48:41 > > ---------------------------------------- > > Hi, > > > > I have strange issue with AFS authentication. > > > > There are any problems with user principal access. Even server principals > > for > > sorry, I meant there are NOT any issues with user principal access... > > > http/* servers work fine (eg. krb principal http/server.domain....@realm > > with > > afs equivalent http.server can authenticate and access the AFS) > > > > But can't make it working for cron/* principals - created > > cron/server.domain....@realm principal and cron.server AFS user but no way > > to > > obtain AFS tokens. the procedure is the same like for http/* principals > > which > > work fine, so I am confused. > > > > is there some constraint what is accepted as service in the principal? > > > > thank you, Nick. > > __
well, no constraints but different mapping between kerberos and AFS. for kerberos principal http/server.domain....@realm I can create afs user http.server and it works fine. for kerberos principal cron/server.domain....@realm I must create afs user cron.server.domain.tld otherwise it doesn't work. can someone explain that? thanks, Nick. _____________________________________________ > > OpenAFS-info mailing list > > [email protected] > > https://lists.openafs.org/mailman/listinfo/openafs-info > > > > > > > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info > > > _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
