On Tue, 19 Jul 2011 13:52:08 -0400 "Danko Antolovic" <[email protected]> wrote:
> [root@afs1c afs]# pts adduser -user dantolov -group system:[email protected] > -noauth No, don't do this. In your setup, the _only_ user that will be recognized as "dantolov" is someone that authenticates with the principal [email protected], which, if I understand correctly, does not exist, so there should not be a user called "dantolov" at all. The user that authenticates via the kerberos principal [email protected] will have the AFS PT name "[email protected]" if IU.EDU is not in krb.conf. > Predictably, when I authenticate as a foreign user (via trust), I can't > touch the files in /afs/afs1.bedrock.iu.edu aklog is supposed to automatically create the user [email protected] and add it to system:[email protected] for you; you don't need to do it yourself. Does [email protected] exist? What does aklog say when you give it the -d option when you authenticate with [email protected] ? -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
